2019-05-19 06:08:55 -06:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-only
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
|
|
|
|
* Machine check handler.
|
2009-04-08 04:31:17 -06:00
|
|
|
*
|
2005-04-16 16:20:36 -06:00
|
|
|
* K8 parts Copyright 2002,2003 Andi Kleen, SuSE Labs.
|
2007-10-23 14:37:23 -06:00
|
|
|
* Rest from unknown author(s).
|
|
|
|
|
* 2004 Andi Kleen. Rewrote most of it.
|
2009-02-12 05:43:23 -07:00
|
|
|
* Copyright 2008 Intel Corporation
|
|
|
|
|
* Author: Andi Kleen
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
2012-05-21 20:50:07 -06:00
|
|
|
|
2009-04-08 04:31:17 -06:00
|
|
|
#include <linux/thread_info.h>
|
|
|
|
|
#include <linux/capability.h>
|
|
|
|
|
#include <linux/miscdevice.h>
|
|
|
|
|
#include <linux/ratelimit.h>
|
|
|
|
|
#include <linux/rcupdate.h>
|
|
|
|
|
#include <linux/kobject.h>
|
2009-04-30 01:04:51 -06:00
|
|
|
#include <linux/uaccess.h>
|
2009-04-08 04:31:17 -06:00
|
|
|
#include <linux/kdebug.h>
|
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
|
#include <linux/percpu.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
#include <linux/string.h>
|
2011-12-21 15:29:42 -07:00
|
|
|
#include <linux/device.h>
|
2011-03-23 15:15:54 -06:00
|
|
|
#include <linux/syscore_ops.h>
|
2009-05-27 13:56:55 -06:00
|
|
|
#include <linux/delay.h>
|
2005-09-12 10:49:24 -06:00
|
|
|
#include <linux/ctype.h>
|
2009-04-08 04:31:17 -06:00
|
|
|
#include <linux/sched.h>
|
2009-02-17 15:07:13 -07:00
|
|
|
#include <linux/sysfs.h>
|
2009-04-08 04:31:17 -06:00
|
|
|
#include <linux/types.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 02:04:11 -06:00
|
|
|
#include <linux/slab.h>
|
2009-04-08 04:31:17 -06:00
|
|
|
#include <linux/init.h>
|
|
|
|
|
#include <linux/kmod.h>
|
|
|
|
|
#include <linux/poll.h>
|
2009-05-27 13:56:55 -06:00
|
|
|
#include <linux/nmi.h>
|
2009-04-08 04:31:17 -06:00
|
|
|
#include <linux/cpu.h>
|
2017-03-27 03:33:02 -06:00
|
|
|
#include <linux/ras.h>
|
2009-04-30 01:04:51 -06:00
|
|
|
#include <linux/smp.h>
|
2009-04-08 04:31:17 -06:00
|
|
|
#include <linux/fs.h>
|
x86, mce: support action-optional machine checks
Newer Intel CPUs support a new class of machine checks called recoverable
action optional.
Action Optional means that the CPU detected some form of corruption in
the background and tells the OS about using a machine check
exception. The OS can then take appropiate action, like killing the
process with the corrupted data or logging the event properly to disk.
This is done by the new generic high level memory failure handler added
in a earlier patch. The high level handler takes the address with the
failed memory and does the appropiate action, like killing the process.
In this version of the patch the high level handler is stubbed out
with a weak function to not create a direct dependency on the hwpoison
branch.
The high level handler cannot be directly called from the machine check
exception though, because it has to run in a defined process context to
be able to sleep when taking VM locks (it is not expected to sleep for a
long time, just do so in some exceptional cases like lock contention)
Thus the MCE handler has to queue a work item for process context,
trigger process context and then call the high level handler from there.
This patch adds two path to process context: through a per thread kernel
exit notify_user() callback or through a high priority work item.
The first runs when the process exits back to user space, the other when
it goes to sleep and there is no higher priority process.
The machine check handler will schedule both, and whoever runs first
will grab the event. This is done because quick reaction to this
event is critical to avoid a potential more fatal machine check
when the corruption is consumed.
There is a simple lock less ring buffer to queue the corrupted
addresses between the exception handler and the process context handler.
Then in process context it just calls the high level VM code with
the corrupted PFNs.
The code adds the required code to extract the failed address from
the CPU's machine check registers. It doesn't try to handle all
possible cases -- the specification has 6 different ways to specify
memory address -- but only the linear address.
Most of the required checking has been already done earlier in the
mce_severity rule checking engine. Following the Intel
recommendations Action Optional errors are only enabled for known
situations (encoded in MCACODs). The errors are ignored otherwise,
because they are action optional.
v2: Improve comment, disable preemption while processing ring buffer
(reported by Ying Huang)
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-05-27 13:56:59 -06:00
|
|
|
#include <linux/mm.h>
|
2009-07-30 19:41:42 -06:00
|
|
|
#include <linux/debugfs.h>
|
2011-06-07 19:56:02 -06:00
|
|
|
#include <linux/irq_work.h>
|
2011-05-26 10:22:53 -06:00
|
|
|
#include <linux/export.h>
|
2016-09-01 12:39:33 -06:00
|
|
|
#include <linux/jump_label.h>
|
2018-07-13 22:50:32 -06:00
|
|
|
#include <linux/set_memory.h>
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2016-11-18 10:48:36 -07:00
|
|
|
#include <asm/intel-family.h>
|
2007-10-23 14:37:23 -06:00
|
|
|
#include <asm/processor.h>
|
2014-11-19 18:41:09 -07:00
|
|
|
#include <asm/traps.h>
|
2014-10-24 16:58:07 -06:00
|
|
|
#include <asm/tlbflush.h>
|
2009-04-08 04:31:17 -06:00
|
|
|
#include <asm/mce.h>
|
|
|
|
|
#include <asm/msr.h>
|
2017-03-13 03:50:19 -06:00
|
|
|
#include <asm/reboot.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2018-11-18 07:15:05 -07:00
|
|
|
#include "internal.h"
|
2009-04-08 04:31:26 -06:00
|
|
|
|
2017-03-27 03:33:03 -06:00
|
|
|
static DEFINE_MUTEX(mce_log_mutex);
|
2010-03-05 16:03:27 -07:00
|
|
|
|
2018-03-06 07:21:43 -07:00
|
|
|
/* sysfs synchronization */
|
|
|
|
|
static DEFINE_MUTEX(mce_sysfs_mutex);
|
|
|
|
|
|
perf_event, x86, mce: Use TRACE_EVENT() for MCE logging
This approach is the first baby step towards solving many of the
structural problems the x86 MCE logging code is having today:
- It has a private ring-buffer implementation that has a number
of limitations and has been historically fragile and buggy.
- It is using a quirky /dev/mcelog ioctl driven ABI that is MCE
specific. /dev/mcelog is not part of any larger logging
framework and hence has remained on the fringes for many years.
- The MCE logging code is still very unclean partly due to its ABI
limitations. Fields are being reused for multiple purposes, and
the whole message structure is limited and x86 specific to begin
with.
All in one, the x86 tree would like to move away from this private
implementation of an event logging facility to a broader framework.
By using perf events we gain the following advantages:
- Multiple user-space agents can access MCE events. We can have an
mcelog daemon running but also a system-wide tracer capturing
important events in flight-recorder mode.
- Sampling support: the kernel and the user-space call-chain of MCE
events can be stored and analyzed as well. This way actual patterns
of bad behavior can be matched to precisely what kind of activity
happened in the kernel (and/or in the app) around that moment in
time.
- Coupling with other hardware and software events: the PMU can track a
number of other anomalies - monitoring software might chose to
monitor those plus the MCE events as well - in one coherent stream of
events.
- Discovery of MCE sources - tracepoints are enumerated and tools can
act upon the existence (or non-existence) of various channels of MCE
information.
- Filtering support: we just subscribe to and act upon the events we
are interested in. Then even on a per event source basis there's
in-kernel filter expressions available that can restrict the amount
of data that hits the event channel.
- Arbitrary deep per cpu buffering of events - we can buffer 32
entries or we can buffer as much as we want, as long as we have
the RAM.
- An NMI-safe ring-buffer implementation - mappable to user-space.
- Built-in support for timestamping of events, PID markers, CPU
markers, etc.
- A rich ABI accessible over system call interface. Per cpu, per task
and per workload monitoring of MCE events can be done this way. The
ABI itself has a nice, meaningful structure.
- Extensible ABI: new fields can be added without breaking tooling.
New tracepoints can be added as the hardware side evolves. There's
various parsers that can be used.
- Lots of scheduling/buffering/batching modes of operandi for MCE
events. poll() support. mmap() support. read() support. You name it.
- Rich tooling support: even without any MCE specific extensions added
the 'perf' tool today offers various views of MCE data: perf report,
perf stat, perf trace can all be used to view logged MCE events and
perhaps correlate them to certain user-space usage patterns. But it
can be used directly as well, for user-space agents and policy action
in mcelog, etc.
With this we hope to achieve significant code cleanup and feature
improvements in the MCE code, and we hope to be able to drop the
/dev/mcelog facility in the end.
This patch is just a plain dumb dump of mce_log() records to
the tracepoints / perf events framework - a first proof of
concept step.
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Cc: Huang Ying <ying.huang@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
LKML-Reference: <4AD42A0D.7050104@jp.fujitsu.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-10-13 01:19:41 -06:00
|
|
|
#define CREATE_TRACE_POINTS
|
|
|
|
|
#include <trace/events/mce.h>
|
|
|
|
|
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
#define SPINUNIT 100 /* 100ns */
|
2009-05-27 13:56:55 -06:00
|
|
|
|
2009-05-27 13:56:52 -06:00
|
|
|
DEFINE_PER_CPU(unsigned, mce_exception_count);
|
|
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
DEFINE_PER_CPU_READ_MOSTLY(unsigned int, mce_num_banks);
|
|
|
|
|
|
2019-06-07 14:18:03 -06:00
|
|
|
struct mce_bank {
|
|
|
|
|
u64 ctl; /* subevents to enable */
|
|
|
|
|
bool init; /* initialise bank? */
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
};
|
|
|
|
|
static DEFINE_PER_CPU_READ_MOSTLY(struct mce_bank[MAX_NR_BANKS], mce_banks_array);
|
|
|
|
|
|
|
|
|
|
#define ATTR_LEN 16
|
|
|
|
|
/* One object for each MCE bank, shared by all CPUs */
|
|
|
|
|
struct mce_bank_dev {
|
2019-06-07 14:18:03 -06:00
|
|
|
struct device_attribute attr; /* device attribute */
|
|
|
|
|
char attrname[ATTR_LEN]; /* attribute name */
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
u8 bank; /* bank number */
|
2019-06-07 14:18:03 -06:00
|
|
|
};
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
static struct mce_bank_dev mce_bank_devs[MAX_NR_BANKS];
|
2019-06-07 14:18:03 -06:00
|
|
|
|
2015-03-23 09:42:52 -06:00
|
|
|
struct mce_vendor_flags mce_flags __read_mostly;
|
2009-07-08 16:31:43 -06:00
|
|
|
|
2012-10-15 10:03:57 -06:00
|
|
|
struct mca_config mca_cfg __read_mostly = {
|
2012-10-15 11:59:18 -06:00
|
|
|
.bootlog = -1,
|
2012-10-15 10:03:57 -06:00
|
|
|
/*
|
|
|
|
|
* Tolerant levels:
|
|
|
|
|
* 0: always panic on uncorrected errors, log corrected errors
|
|
|
|
|
* 1: panic or SIGBUS on uncorrected errors, log corrected errors
|
|
|
|
|
* 2: SIGBUS or log uncorrected errors (if possible), log corr. errors
|
|
|
|
|
* 3: never panic or SIGBUS, log all errors (for testing only)
|
|
|
|
|
*/
|
2012-10-15 11:59:18 -06:00
|
|
|
.tolerant = 1,
|
|
|
|
|
.monarch_timeout = -1
|
2012-10-15 10:03:57 -06:00
|
|
|
};
|
|
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
static DEFINE_PER_CPU(struct mce, mces_seen);
|
2017-03-27 03:33:03 -06:00
|
|
|
static unsigned long mce_need_notify;
|
|
|
|
|
static int cpu_missing;
|
2009-05-27 13:56:55 -06:00
|
|
|
|
2013-06-25 12:28:59 -06:00
|
|
|
/*
|
|
|
|
|
* MCA banks polled by the period polling timer for corrected events.
|
|
|
|
|
* With Intel CMCI, this only has MCA banks which do not support CMCI (if any).
|
|
|
|
|
*/
|
2009-02-12 05:49:34 -07:00
|
|
|
DEFINE_PER_CPU(mce_banks_t, mce_poll_banks) = {
|
|
|
|
|
[0 ... BITS_TO_LONGS(MAX_NR_BANKS)-1] = ~0UL
|
|
|
|
|
};
|
|
|
|
|
|
2013-07-01 09:38:47 -06:00
|
|
|
/*
|
|
|
|
|
* MCA banks controlled through firmware first for corrected errors.
|
|
|
|
|
* This is a global list of banks for which we won't enable CMCI and we
|
|
|
|
|
* won't poll. Firmware controls these banks and is responsible for
|
|
|
|
|
* reporting corrected errors through GHES. Uncorrected/recoverable
|
|
|
|
|
* errors are still notified through a machine check.
|
|
|
|
|
*/
|
|
|
|
|
mce_banks_t mce_banks_ce_disabled;
|
|
|
|
|
|
2015-08-12 10:29:35 -06:00
|
|
|
static struct work_struct mce_work;
|
|
|
|
|
static struct irq_work mce_irq_work;
|
x86, mce: support action-optional machine checks
Newer Intel CPUs support a new class of machine checks called recoverable
action optional.
Action Optional means that the CPU detected some form of corruption in
the background and tells the OS about using a machine check
exception. The OS can then take appropiate action, like killing the
process with the corrupted data or logging the event properly to disk.
This is done by the new generic high level memory failure handler added
in a earlier patch. The high level handler takes the address with the
failed memory and does the appropiate action, like killing the process.
In this version of the patch the high level handler is stubbed out
with a weak function to not create a direct dependency on the hwpoison
branch.
The high level handler cannot be directly called from the machine check
exception though, because it has to run in a defined process context to
be able to sleep when taking VM locks (it is not expected to sleep for a
long time, just do so in some exceptional cases like lock contention)
Thus the MCE handler has to queue a work item for process context,
trigger process context and then call the high level handler from there.
This patch adds two path to process context: through a per thread kernel
exit notify_user() callback or through a high priority work item.
The first runs when the process exits back to user space, the other when
it goes to sleep and there is no higher priority process.
The machine check handler will schedule both, and whoever runs first
will grab the event. This is done because quick reaction to this
event is critical to avoid a potential more fatal machine check
when the corruption is consumed.
There is a simple lock less ring buffer to queue the corrupted
addresses between the exception handler and the process context handler.
Then in process context it just calls the high level VM code with
the corrupted PFNs.
The code adds the required code to extract the failed address from
the CPU's machine check registers. It doesn't try to handle all
possible cases -- the specification has 6 different ways to specify
memory address -- but only the linear address.
Most of the required checking has been already done earlier in the
mce_severity rule checking engine. Following the Intel
recommendations Action Optional errors are only enabled for known
situations (encoded in MCACODs). The errors are ignored otherwise,
because they are action optional.
v2: Improve comment, disable preemption while processing ring buffer
(reported by Ying Huang)
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-05-27 13:56:59 -06:00
|
|
|
|
2012-07-19 12:28:46 -06:00
|
|
|
static void (*quirk_no_way_out)(int bank, struct mce *m, struct pt_regs *regs);
|
|
|
|
|
|
2011-12-04 07:12:09 -07:00
|
|
|
/*
|
|
|
|
|
* CPU/chipset specific EDAC code can register a notifier call here to print
|
|
|
|
|
* MCE errors in a human-readable form.
|
|
|
|
|
*/
|
2017-04-18 12:42:35 -06:00
|
|
|
BLOCKING_NOTIFIER_HEAD(x86_mce_decoder_chain);
|
2011-12-04 07:12:09 -07:00
|
|
|
|
2009-02-12 05:43:22 -07:00
|
|
|
/* Do initial initialization of a struct mce */
|
|
|
|
|
void mce_setup(struct mce *m)
|
|
|
|
|
{
|
|
|
|
|
memset(m, 0, sizeof(struct mce));
|
2009-05-27 13:56:56 -06:00
|
|
|
m->cpu = m->extcpu = smp_processor_id();
|
2018-06-22 03:54:22 -06:00
|
|
|
/* need the internal __ version to avoid deadlocks */
|
|
|
|
|
m->time = __ktime_get_real_seconds();
|
2009-05-27 13:56:56 -06:00
|
|
|
m->cpuvendor = boot_cpu_data.x86_vendor;
|
|
|
|
|
m->cpuid = cpuid_eax(1);
|
|
|
|
|
m->socketid = cpu_data(m->extcpu).phys_proc_id;
|
|
|
|
|
m->apicid = cpu_data(m->extcpu).initial_apicid;
|
|
|
|
|
rdmsrl(MSR_IA32_MCG_CAP, m->mcgcap);
|
2016-11-18 10:48:36 -07:00
|
|
|
|
|
|
|
|
if (this_cpu_has(X86_FEATURE_INTEL_PPIN))
|
|
|
|
|
rdmsrl(MSR_PPIN, m->ppin);
|
2018-03-06 07:21:41 -07:00
|
|
|
|
|
|
|
|
m->microcode = boot_cpu_data.microcode;
|
2009-02-12 05:43:22 -07:00
|
|
|
}
|
|
|
|
|
|
2009-04-29 11:31:00 -06:00
|
|
|
DEFINE_PER_CPU(struct mce, injectm);
|
|
|
|
|
EXPORT_PER_CPU_SYMBOL_GPL(injectm);
|
|
|
|
|
|
2017-03-27 03:33:00 -06:00
|
|
|
void mce_log(struct mce *m)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2017-03-27 03:33:00 -06:00
|
|
|
if (!mce_gen_pool_add(m))
|
2015-08-12 10:29:37 -06:00
|
|
|
irq_work_queue(&mce_irq_work);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2015-08-12 10:29:44 -06:00
|
|
|
void mce_inject_log(struct mce *m)
|
2011-12-08 04:28:33 -07:00
|
|
|
{
|
2017-03-27 03:33:03 -06:00
|
|
|
mutex_lock(&mce_log_mutex);
|
2015-08-12 10:29:44 -06:00
|
|
|
mce_log(m);
|
2017-03-27 03:33:03 -06:00
|
|
|
mutex_unlock(&mce_log_mutex);
|
2011-12-08 04:28:33 -07:00
|
|
|
}
|
2015-08-12 10:29:44 -06:00
|
|
|
EXPORT_SYMBOL_GPL(mce_inject_log);
|
2011-12-08 04:28:33 -07:00
|
|
|
|
2015-08-12 10:29:36 -06:00
|
|
|
static struct notifier_block mce_srao_nb;
|
2011-12-08 04:28:33 -07:00
|
|
|
|
2017-03-27 03:33:02 -06:00
|
|
|
/*
|
|
|
|
|
* We run the default notifier if we have only the SRAO, the first and the
|
|
|
|
|
* default notifier registered. I.e., the mandatory NUM_DEFAULT_NOTIFIERS
|
|
|
|
|
* notifiers registered on the chain.
|
|
|
|
|
*/
|
|
|
|
|
#define NUM_DEFAULT_NOTIFIERS 3
|
2016-11-01 05:52:27 -06:00
|
|
|
static atomic_t num_notifiers;
|
|
|
|
|
|
2011-12-04 07:12:09 -07:00
|
|
|
void mce_register_decode_chain(struct notifier_block *nb)
|
|
|
|
|
{
|
2017-04-18 01:33:28 -06:00
|
|
|
if (WARN_ON(nb->priority > MCE_PRIO_MCELOG && nb->priority < MCE_PRIO_EDAC))
|
2017-03-27 03:33:04 -06:00
|
|
|
return;
|
2016-11-01 05:52:27 -06:00
|
|
|
|
2017-03-27 03:33:04 -06:00
|
|
|
atomic_inc(&num_notifiers);
|
2015-08-12 10:29:36 -06:00
|
|
|
|
2017-04-18 12:42:35 -06:00
|
|
|
blocking_notifier_chain_register(&x86_mce_decoder_chain, nb);
|
2011-12-04 07:12:09 -07:00
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(mce_register_decode_chain);
|
|
|
|
|
|
|
|
|
|
void mce_unregister_decode_chain(struct notifier_block *nb)
|
|
|
|
|
{
|
2016-11-01 05:52:27 -06:00
|
|
|
atomic_dec(&num_notifiers);
|
|
|
|
|
|
2017-04-18 12:42:35 -06:00
|
|
|
blocking_notifier_chain_unregister(&x86_mce_decoder_chain, nb);
|
2011-12-04 07:12:09 -07:00
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(mce_unregister_decode_chain);
|
|
|
|
|
|
2016-04-30 06:33:54 -06:00
|
|
|
static inline u32 ctl_reg(int bank)
|
|
|
|
|
{
|
|
|
|
|
return MSR_IA32_MCx_CTL(bank);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline u32 status_reg(int bank)
|
|
|
|
|
{
|
|
|
|
|
return MSR_IA32_MCx_STATUS(bank);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline u32 addr_reg(int bank)
|
|
|
|
|
{
|
|
|
|
|
return MSR_IA32_MCx_ADDR(bank);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline u32 misc_reg(int bank)
|
|
|
|
|
{
|
|
|
|
|
return MSR_IA32_MCx_MISC(bank);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline u32 smca_ctl_reg(int bank)
|
|
|
|
|
{
|
|
|
|
|
return MSR_AMD64_SMCA_MCx_CTL(bank);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline u32 smca_status_reg(int bank)
|
|
|
|
|
{
|
|
|
|
|
return MSR_AMD64_SMCA_MCx_STATUS(bank);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline u32 smca_addr_reg(int bank)
|
|
|
|
|
{
|
|
|
|
|
return MSR_AMD64_SMCA_MCx_ADDR(bank);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline u32 smca_misc_reg(int bank)
|
|
|
|
|
{
|
|
|
|
|
return MSR_AMD64_SMCA_MCx_MISC(bank);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct mca_msr_regs msr_ops = {
|
|
|
|
|
.ctl = ctl_reg,
|
|
|
|
|
.status = status_reg,
|
|
|
|
|
.addr = addr_reg,
|
|
|
|
|
.misc = misc_reg
|
|
|
|
|
};
|
|
|
|
|
|
2016-11-01 05:52:27 -06:00
|
|
|
static void __print_mce(struct mce *m)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2016-11-01 05:52:27 -06:00
|
|
|
pr_emerg(HW_ERR "CPU %d: Machine Check%s: %Lx Bank %d: %016Lx\n",
|
|
|
|
|
m->extcpu,
|
|
|
|
|
(m->mcgstatus & MCG_STATUS_MCIP ? " Exception" : ""),
|
|
|
|
|
m->mcgstatus, m->bank, m->status);
|
2009-10-01 08:14:32 -06:00
|
|
|
|
2008-01-30 05:30:56 -07:00
|
|
|
if (m->ip) {
|
2010-06-08 00:35:39 -06:00
|
|
|
pr_emerg(HW_ERR "RIP%s %02x:<%016Lx> ",
|
2009-10-01 08:14:32 -06:00
|
|
|
!(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
|
2016-11-01 05:52:27 -06:00
|
|
|
m->cs, m->ip);
|
2009-10-01 08:14:32 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
if (m->cs == __KERNEL_CS)
|
2018-02-10 07:53:14 -07:00
|
|
|
pr_cont("{%pS}", (void *)(unsigned long)m->ip);
|
2009-10-01 08:14:32 -06:00
|
|
|
pr_cont("\n");
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2009-10-01 08:14:32 -06:00
|
|
|
|
2010-06-08 00:35:39 -06:00
|
|
|
pr_emerg(HW_ERR "TSC %llx ", m->tsc);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (m->addr)
|
2009-10-01 08:14:32 -06:00
|
|
|
pr_cont("ADDR %llx ", m->addr);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (m->misc)
|
2009-10-01 08:14:32 -06:00
|
|
|
pr_cont("MISC %llx ", m->misc);
|
2009-07-24 05:51:42 -06:00
|
|
|
|
2016-09-12 01:59:38 -06:00
|
|
|
if (mce_flags.smca) {
|
|
|
|
|
if (m->synd)
|
|
|
|
|
pr_cont("SYND %llx ", m->synd);
|
|
|
|
|
if (m->ipid)
|
|
|
|
|
pr_cont("IPID %llx ", m->ipid);
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-01 08:14:32 -06:00
|
|
|
pr_cont("\n");
|
2011-10-12 18:46:33 -06:00
|
|
|
/*
|
|
|
|
|
* Note this output is parsed by external tools and old fields
|
|
|
|
|
* should not be changed.
|
|
|
|
|
*/
|
2011-10-17 08:45:10 -06:00
|
|
|
pr_emerg(HW_ERR "PROCESSOR %u:%x TIME %llu SOCKET %u APIC %x microcode %x\n",
|
2011-10-12 18:46:33 -06:00
|
|
|
m->cpuvendor, m->cpuid, m->time, m->socketid, m->apicid,
|
2018-03-06 07:21:41 -07:00
|
|
|
m->microcode);
|
2016-11-01 05:52:27 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void print_mce(struct mce *m)
|
|
|
|
|
{
|
|
|
|
|
__print_mce(m);
|
2018-02-21 03:18:55 -07:00
|
|
|
|
2018-09-23 03:36:04 -06:00
|
|
|
if (m->cpuvendor != X86_VENDOR_AMD && m->cpuvendor != X86_VENDOR_HYGON)
|
2018-02-21 03:18:55 -07:00
|
|
|
pr_emerg_ratelimited(HW_ERR "Run the above through 'mcelog --ascii'\n");
|
2009-05-27 13:56:58 -06:00
|
|
|
}
|
|
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
#define PANIC_TIMEOUT 5 /* 5 seconds */
|
|
|
|
|
|
2014-12-03 14:36:45 -07:00
|
|
|
static atomic_t mce_panicked;
|
2009-05-27 13:56:55 -06:00
|
|
|
|
2009-07-30 19:41:43 -06:00
|
|
|
static int fake_panic;
|
2014-12-03 14:36:45 -07:00
|
|
|
static atomic_t mce_fake_panicked;
|
2009-07-30 19:41:43 -06:00
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
/* Panic in progress. Enable interrupts and wait for final IPI */
|
|
|
|
|
static void wait_for_panic(void)
|
|
|
|
|
{
|
|
|
|
|
long timeout = PANIC_TIMEOUT*USEC_PER_SEC;
|
2009-10-01 08:14:32 -06:00
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
preempt_disable();
|
|
|
|
|
local_irq_enable();
|
|
|
|
|
while (timeout-- > 0)
|
|
|
|
|
udelay(1);
|
2009-05-27 13:56:56 -06:00
|
|
|
if (panic_timeout == 0)
|
2012-10-15 12:25:17 -06:00
|
|
|
panic_timeout = mca_cfg.panic_timeout;
|
2009-05-27 13:56:55 -06:00
|
|
|
panic("Panicing machine check CPU died");
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-21 09:18:25 -07:00
|
|
|
static void mce_panic(const char *msg, struct mce *final, char *exp)
|
2007-10-23 14:37:23 -06:00
|
|
|
{
|
2016-04-30 06:33:56 -06:00
|
|
|
int apei_err = 0;
|
|
|
|
|
struct llist_node *pending;
|
|
|
|
|
struct mce_evt_llist *l;
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
|
2009-07-30 19:41:43 -06:00
|
|
|
if (!fake_panic) {
|
|
|
|
|
/*
|
|
|
|
|
* Make sure only one CPU runs in machine check panic
|
|
|
|
|
*/
|
2014-12-03 14:36:45 -07:00
|
|
|
if (atomic_inc_return(&mce_panicked) > 1)
|
2009-07-30 19:41:43 -06:00
|
|
|
wait_for_panic();
|
|
|
|
|
barrier();
|
2009-05-27 13:56:55 -06:00
|
|
|
|
2009-07-30 19:41:43 -06:00
|
|
|
bust_spinlocks(1);
|
|
|
|
|
console_verbose();
|
|
|
|
|
} else {
|
|
|
|
|
/* Don't log too much for fake panic */
|
2014-12-03 14:36:45 -07:00
|
|
|
if (atomic_inc_return(&mce_fake_panicked) > 1)
|
2009-07-30 19:41:43 -06:00
|
|
|
return;
|
|
|
|
|
}
|
2016-04-30 06:33:56 -06:00
|
|
|
pending = mce_gen_pool_prepare_records();
|
2009-05-27 13:56:54 -06:00
|
|
|
/* First print corrected ones that are still unlogged */
|
2016-04-30 06:33:56 -06:00
|
|
|
llist_for_each_entry(l, pending, llnode) {
|
|
|
|
|
struct mce *m = &l->mce;
|
ACPI, APEI, Use ERST for persistent storage of MCE
Traditionally, fatal MCE will cause Linux print error log to console
then reboot. Because MCE registers will preserve their content after
warm reboot, the hardware error can be logged to disk or network after
reboot. But system may fail to warm reboot, then you may lose the
hardware error log. ERST can help here. Through saving the hardware
error log into flash via ERST before go panic, the hardware error log
can be gotten from the flash after system boot successful again.
The fatal MCE processing procedure with ERST involved is as follow:
- Hardware detect error, MCE raised
- MCE read MCE registers, check error severity (fatal), prepare error record
- Write MCE error record into flash via ERST
- Go panic, then trigger system reboot
- System reboot, /sbin/mcelog run, it reads /dev/mcelog to check flash
for error record of previous boot via ERST, and output and clear
them if available
- /sbin/mcelog logs error records into disk or network
ERST only accepts CPER record format, but there is no pre-defined CPER
section can accommodate all information in struct mce, so a customized
section type is defined to hold struct mce inside a CPER record as an
error section.
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-18 00:35:22 -06:00
|
|
|
if (!(m->status & MCI_STATUS_UC)) {
|
2009-06-11 01:04:35 -06:00
|
|
|
print_mce(m);
|
ACPI, APEI, Use ERST for persistent storage of MCE
Traditionally, fatal MCE will cause Linux print error log to console
then reboot. Because MCE registers will preserve their content after
warm reboot, the hardware error can be logged to disk or network after
reboot. But system may fail to warm reboot, then you may lose the
hardware error log. ERST can help here. Through saving the hardware
error log into flash via ERST before go panic, the hardware error log
can be gotten from the flash after system boot successful again.
The fatal MCE processing procedure with ERST involved is as follow:
- Hardware detect error, MCE raised
- MCE read MCE registers, check error severity (fatal), prepare error record
- Write MCE error record into flash via ERST
- Go panic, then trigger system reboot
- System reboot, /sbin/mcelog run, it reads /dev/mcelog to check flash
for error record of previous boot via ERST, and output and clear
them if available
- /sbin/mcelog logs error records into disk or network
ERST only accepts CPER record format, but there is no pre-defined CPER
section can accommodate all information in struct mce, so a customized
section type is defined to hold struct mce inside a CPER record as an
error section.
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-18 00:35:22 -06:00
|
|
|
if (!apei_err)
|
|
|
|
|
apei_err = apei_write_mce(m);
|
|
|
|
|
}
|
2009-05-27 13:56:54 -06:00
|
|
|
}
|
|
|
|
|
/* Now print uncorrected but with the final one last */
|
2016-04-30 06:33:56 -06:00
|
|
|
llist_for_each_entry(l, pending, llnode) {
|
|
|
|
|
struct mce *m = &l->mce;
|
2009-06-11 01:04:35 -06:00
|
|
|
if (!(m->status & MCI_STATUS_UC))
|
|
|
|
|
continue;
|
2016-04-30 06:33:56 -06:00
|
|
|
if (!final || mce_cmp(m, final)) {
|
2009-06-11 01:04:35 -06:00
|
|
|
print_mce(m);
|
ACPI, APEI, Use ERST for persistent storage of MCE
Traditionally, fatal MCE will cause Linux print error log to console
then reboot. Because MCE registers will preserve their content after
warm reboot, the hardware error can be logged to disk or network after
reboot. But system may fail to warm reboot, then you may lose the
hardware error log. ERST can help here. Through saving the hardware
error log into flash via ERST before go panic, the hardware error log
can be gotten from the flash after system boot successful again.
The fatal MCE processing procedure with ERST involved is as follow:
- Hardware detect error, MCE raised
- MCE read MCE registers, check error severity (fatal), prepare error record
- Write MCE error record into flash via ERST
- Go panic, then trigger system reboot
- System reboot, /sbin/mcelog run, it reads /dev/mcelog to check flash
for error record of previous boot via ERST, and output and clear
them if available
- /sbin/mcelog logs error records into disk or network
ERST only accepts CPER record format, but there is no pre-defined CPER
section can accommodate all information in struct mce, so a customized
section type is defined to hold struct mce inside a CPER record as an
error section.
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-18 00:35:22 -06:00
|
|
|
if (!apei_err)
|
|
|
|
|
apei_err = apei_write_mce(m);
|
|
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
ACPI, APEI, Use ERST for persistent storage of MCE
Traditionally, fatal MCE will cause Linux print error log to console
then reboot. Because MCE registers will preserve their content after
warm reboot, the hardware error can be logged to disk or network after
reboot. But system may fail to warm reboot, then you may lose the
hardware error log. ERST can help here. Through saving the hardware
error log into flash via ERST before go panic, the hardware error log
can be gotten from the flash after system boot successful again.
The fatal MCE processing procedure with ERST involved is as follow:
- Hardware detect error, MCE raised
- MCE read MCE registers, check error severity (fatal), prepare error record
- Write MCE error record into flash via ERST
- Go panic, then trigger system reboot
- System reboot, /sbin/mcelog run, it reads /dev/mcelog to check flash
for error record of previous boot via ERST, and output and clear
them if available
- /sbin/mcelog logs error records into disk or network
ERST only accepts CPER record format, but there is no pre-defined CPER
section can accommodate all information in struct mce, so a customized
section type is defined to hold struct mce inside a CPER record as an
error section.
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-18 00:35:22 -06:00
|
|
|
if (final) {
|
2009-06-11 01:04:35 -06:00
|
|
|
print_mce(final);
|
ACPI, APEI, Use ERST for persistent storage of MCE
Traditionally, fatal MCE will cause Linux print error log to console
then reboot. Because MCE registers will preserve their content after
warm reboot, the hardware error can be logged to disk or network after
reboot. But system may fail to warm reboot, then you may lose the
hardware error log. ERST can help here. Through saving the hardware
error log into flash via ERST before go panic, the hardware error log
can be gotten from the flash after system boot successful again.
The fatal MCE processing procedure with ERST involved is as follow:
- Hardware detect error, MCE raised
- MCE read MCE registers, check error severity (fatal), prepare error record
- Write MCE error record into flash via ERST
- Go panic, then trigger system reboot
- System reboot, /sbin/mcelog run, it reads /dev/mcelog to check flash
for error record of previous boot via ERST, and output and clear
them if available
- /sbin/mcelog logs error records into disk or network
ERST only accepts CPER record format, but there is no pre-defined CPER
section can accommodate all information in struct mce, so a customized
section type is defined to hold struct mce inside a CPER record as an
error section.
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-18 00:35:22 -06:00
|
|
|
if (!apei_err)
|
|
|
|
|
apei_err = apei_write_mce(final);
|
|
|
|
|
}
|
2009-05-27 13:56:55 -06:00
|
|
|
if (cpu_missing)
|
2010-06-08 00:35:39 -06:00
|
|
|
pr_emerg(HW_ERR "Some CPUs didn't answer in synchronization\n");
|
2009-05-27 13:56:55 -06:00
|
|
|
if (exp)
|
2010-06-08 00:35:39 -06:00
|
|
|
pr_emerg(HW_ERR "Machine check: %s\n", exp);
|
2009-07-30 19:41:43 -06:00
|
|
|
if (!fake_panic) {
|
|
|
|
|
if (panic_timeout == 0)
|
2012-10-15 12:25:17 -06:00
|
|
|
panic_timeout = mca_cfg.panic_timeout;
|
2009-07-30 19:41:43 -06:00
|
|
|
panic(msg);
|
|
|
|
|
} else
|
2010-06-08 00:35:39 -06:00
|
|
|
pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
|
2007-10-23 14:37:23 -06:00
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-04-29 11:31:00 -06:00
|
|
|
/* Support code for software error injection */
|
|
|
|
|
|
|
|
|
|
static int msr_to_offset(u32 msr)
|
|
|
|
|
{
|
2010-12-18 08:28:55 -07:00
|
|
|
unsigned bank = __this_cpu_read(injectm.bank);
|
2009-10-01 08:14:32 -06:00
|
|
|
|
2012-10-15 11:59:18 -06:00
|
|
|
if (msr == mca_cfg.rip_msr)
|
2009-04-29 11:31:00 -06:00
|
|
|
return offsetof(struct mce, ip);
|
2016-04-30 06:33:55 -06:00
|
|
|
if (msr == msr_ops.status(bank))
|
2009-04-29 11:31:00 -06:00
|
|
|
return offsetof(struct mce, status);
|
2016-04-30 06:33:55 -06:00
|
|
|
if (msr == msr_ops.addr(bank))
|
2009-04-29 11:31:00 -06:00
|
|
|
return offsetof(struct mce, addr);
|
2016-04-30 06:33:55 -06:00
|
|
|
if (msr == msr_ops.misc(bank))
|
2009-04-29 11:31:00 -06:00
|
|
|
return offsetof(struct mce, misc);
|
|
|
|
|
if (msr == MSR_IA32_MCG_STATUS)
|
|
|
|
|
return offsetof(struct mce, mcgstatus);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-06 15:02:52 -06:00
|
|
|
__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
|
|
|
|
|
struct pt_regs *regs, int trapnr,
|
|
|
|
|
unsigned long error_code,
|
|
|
|
|
unsigned long fault_addr)
|
|
|
|
|
{
|
|
|
|
|
pr_emerg("MSR access error: RDMSR from 0x%x at rIP: 0x%lx (%pS)\n",
|
|
|
|
|
(unsigned int)regs->cx, regs->ip, (void *)regs->ip);
|
|
|
|
|
|
|
|
|
|
show_stack_regs(regs);
|
|
|
|
|
|
|
|
|
|
panic("MCA architectural violation!\n");
|
|
|
|
|
|
|
|
|
|
while (true)
|
|
|
|
|
cpu_relax();
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2009-04-29 11:29:12 -06:00
|
|
|
/* MSR access wrappers used for error injection */
|
|
|
|
|
static u64 mce_rdmsrl(u32 msr)
|
|
|
|
|
{
|
2020-09-06 15:02:52 -06:00
|
|
|
DECLARE_ARGS(val, low, high);
|
2009-09-23 09:49:55 -06:00
|
|
|
|
2010-12-18 08:28:55 -07:00
|
|
|
if (__this_cpu_read(injectm.finished)) {
|
2009-04-29 11:31:00 -06:00
|
|
|
int offset = msr_to_offset(msr);
|
2009-09-23 09:49:55 -06:00
|
|
|
|
2009-04-29 11:31:00 -06:00
|
|
|
if (offset < 0)
|
|
|
|
|
return 0;
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
return *(u64 *)((char *)this_cpu_ptr(&injectm) + offset);
|
2009-04-29 11:31:00 -06:00
|
|
|
}
|
2009-09-23 09:49:55 -06:00
|
|
|
|
2020-09-06 15:02:52 -06:00
|
|
|
/*
|
|
|
|
|
* RDMSR on MCA MSRs should not fault. If they do, this is very much an
|
|
|
|
|
* architectural violation and needs to be reported to hw vendor. Panic
|
|
|
|
|
* the box to not allow any further progress.
|
|
|
|
|
*/
|
|
|
|
|
asm volatile("1: rdmsr\n"
|
|
|
|
|
"2:\n"
|
|
|
|
|
_ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_rdmsr_fault)
|
|
|
|
|
: EAX_EDX_RET(val, low, high) : "c" (msr));
|
2009-09-23 09:49:55 -06:00
|
|
|
|
2020-09-06 15:02:52 -06:00
|
|
|
|
|
|
|
|
return EAX_EDX_VAL(val, low, high);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
__visible bool ex_handler_wrmsr_fault(const struct exception_table_entry *fixup,
|
|
|
|
|
struct pt_regs *regs, int trapnr,
|
|
|
|
|
unsigned long error_code,
|
|
|
|
|
unsigned long fault_addr)
|
|
|
|
|
{
|
|
|
|
|
pr_emerg("MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
|
|
|
|
|
(unsigned int)regs->cx, (unsigned int)regs->dx, (unsigned int)regs->ax,
|
|
|
|
|
regs->ip, (void *)regs->ip);
|
|
|
|
|
|
|
|
|
|
show_stack_regs(regs);
|
|
|
|
|
|
|
|
|
|
panic("MCA architectural violation!\n");
|
|
|
|
|
|
|
|
|
|
while (true)
|
|
|
|
|
cpu_relax();
|
|
|
|
|
|
|
|
|
|
return true;
|
2009-04-29 11:29:12 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void mce_wrmsrl(u32 msr, u64 v)
|
|
|
|
|
{
|
2020-09-06 15:02:52 -06:00
|
|
|
u32 low, high;
|
|
|
|
|
|
2010-12-18 08:28:55 -07:00
|
|
|
if (__this_cpu_read(injectm.finished)) {
|
2009-04-29 11:31:00 -06:00
|
|
|
int offset = msr_to_offset(msr);
|
2009-09-23 09:49:55 -06:00
|
|
|
|
2009-04-29 11:31:00 -06:00
|
|
|
if (offset >= 0)
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
*(u64 *)((char *)this_cpu_ptr(&injectm) + offset) = v;
|
2009-04-29 11:31:00 -06:00
|
|
|
return;
|
|
|
|
|
}
|
2020-09-06 15:02:52 -06:00
|
|
|
|
|
|
|
|
low = (u32)v;
|
|
|
|
|
high = (u32)(v >> 32);
|
|
|
|
|
|
|
|
|
|
/* See comment in mce_rdmsrl() */
|
|
|
|
|
asm volatile("1: wrmsr\n"
|
|
|
|
|
"2:\n"
|
|
|
|
|
_ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_wrmsr_fault)
|
|
|
|
|
: : "c" (msr), "a"(low), "d" (high) : "memory");
|
2009-04-29 11:29:12 -06:00
|
|
|
}
|
|
|
|
|
|
2011-06-07 19:57:46 -06:00
|
|
|
/*
|
|
|
|
|
* Collect all global (w.r.t. this processor) status about this machine
|
|
|
|
|
* check into our "mce" struct so that we can use it later to assess
|
|
|
|
|
* the severity of the problem as we read per-bank specific details.
|
|
|
|
|
*/
|
|
|
|
|
static inline void mce_gather_info(struct mce *m, struct pt_regs *regs)
|
|
|
|
|
{
|
|
|
|
|
mce_setup(m);
|
|
|
|
|
|
|
|
|
|
m->mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
|
|
|
|
|
if (regs) {
|
|
|
|
|
/*
|
|
|
|
|
* Get the address of the instruction at the time of
|
|
|
|
|
* the machine check error.
|
|
|
|
|
*/
|
|
|
|
|
if (m->mcgstatus & (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) {
|
|
|
|
|
m->ip = regs->ip;
|
|
|
|
|
m->cs = regs->cs;
|
2010-11-19 05:16:22 -07:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* When in VM86 mode make the cs look like ring 3
|
|
|
|
|
* always. This is a lie, but it's better than passing
|
|
|
|
|
* the additional vm86 bit around everywhere.
|
|
|
|
|
*/
|
|
|
|
|
if (v8086_mode(regs))
|
|
|
|
|
m->cs |= 3;
|
2011-06-07 19:57:46 -06:00
|
|
|
}
|
|
|
|
|
/* Use accurate RIP reporting if available. */
|
2012-10-15 11:59:18 -06:00
|
|
|
if (mca_cfg.rip_msr)
|
|
|
|
|
m->ip = mce_rdmsrl(mca_cfg.rip_msr);
|
2011-06-07 19:57:46 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-02-12 05:49:36 -07:00
|
|
|
int mce_available(struct cpuinfo_x86 *c)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2012-10-17 04:05:33 -06:00
|
|
|
if (mca_cfg.disabled)
|
2009-02-12 05:39:30 -07:00
|
|
|
return 0;
|
2006-03-24 04:15:11 -07:00
|
|
|
return cpu_has(c, X86_FEATURE_MCE) && cpu_has(c, X86_FEATURE_MCA);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
x86, mce: support action-optional machine checks
Newer Intel CPUs support a new class of machine checks called recoverable
action optional.
Action Optional means that the CPU detected some form of corruption in
the background and tells the OS about using a machine check
exception. The OS can then take appropiate action, like killing the
process with the corrupted data or logging the event properly to disk.
This is done by the new generic high level memory failure handler added
in a earlier patch. The high level handler takes the address with the
failed memory and does the appropiate action, like killing the process.
In this version of the patch the high level handler is stubbed out
with a weak function to not create a direct dependency on the hwpoison
branch.
The high level handler cannot be directly called from the machine check
exception though, because it has to run in a defined process context to
be able to sleep when taking VM locks (it is not expected to sleep for a
long time, just do so in some exceptional cases like lock contention)
Thus the MCE handler has to queue a work item for process context,
trigger process context and then call the high level handler from there.
This patch adds two path to process context: through a per thread kernel
exit notify_user() callback or through a high priority work item.
The first runs when the process exits back to user space, the other when
it goes to sleep and there is no higher priority process.
The machine check handler will schedule both, and whoever runs first
will grab the event. This is done because quick reaction to this
event is critical to avoid a potential more fatal machine check
when the corruption is consumed.
There is a simple lock less ring buffer to queue the corrupted
addresses between the exception handler and the process context handler.
Then in process context it just calls the high level VM code with
the corrupted PFNs.
The code adds the required code to extract the failed address from
the CPU's machine check registers. It doesn't try to handle all
possible cases -- the specification has 6 different ways to specify
memory address -- but only the linear address.
Most of the required checking has been already done earlier in the
mce_severity rule checking engine. Following the Intel
recommendations Action Optional errors are only enabled for known
situations (encoded in MCACODs). The errors are ignored otherwise,
because they are action optional.
v2: Improve comment, disable preemption while processing ring buffer
(reported by Ying Huang)
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-05-27 13:56:59 -06:00
|
|
|
static void mce_schedule_work(void)
|
|
|
|
|
{
|
2016-09-16 13:49:32 -06:00
|
|
|
if (!mce_gen_pool_empty())
|
2015-08-12 10:29:35 -06:00
|
|
|
schedule_work(&mce_work);
|
x86, mce: support action-optional machine checks
Newer Intel CPUs support a new class of machine checks called recoverable
action optional.
Action Optional means that the CPU detected some form of corruption in
the background and tells the OS about using a machine check
exception. The OS can then take appropiate action, like killing the
process with the corrupted data or logging the event properly to disk.
This is done by the new generic high level memory failure handler added
in a earlier patch. The high level handler takes the address with the
failed memory and does the appropiate action, like killing the process.
In this version of the patch the high level handler is stubbed out
with a weak function to not create a direct dependency on the hwpoison
branch.
The high level handler cannot be directly called from the machine check
exception though, because it has to run in a defined process context to
be able to sleep when taking VM locks (it is not expected to sleep for a
long time, just do so in some exceptional cases like lock contention)
Thus the MCE handler has to queue a work item for process context,
trigger process context and then call the high level handler from there.
This patch adds two path to process context: through a per thread kernel
exit notify_user() callback or through a high priority work item.
The first runs when the process exits back to user space, the other when
it goes to sleep and there is no higher priority process.
The machine check handler will schedule both, and whoever runs first
will grab the event. This is done because quick reaction to this
event is critical to avoid a potential more fatal machine check
when the corruption is consumed.
There is a simple lock less ring buffer to queue the corrupted
addresses between the exception handler and the process context handler.
Then in process context it just calls the high level VM code with
the corrupted PFNs.
The code adds the required code to extract the failed address from
the CPU's machine check registers. It doesn't try to handle all
possible cases -- the specification has 6 different ways to specify
memory address -- but only the linear address.
Most of the required checking has been already done earlier in the
mce_severity rule checking engine. Following the Intel
recommendations Action Optional errors are only enabled for known
situations (encoded in MCACODs). The errors are ignored otherwise,
because they are action optional.
v2: Improve comment, disable preemption while processing ring buffer
(reported by Ying Huang)
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-05-27 13:56:59 -06:00
|
|
|
}
|
|
|
|
|
|
2011-06-07 19:56:02 -06:00
|
|
|
static void mce_irq_work_cb(struct irq_work *entry)
|
2009-05-27 13:56:54 -06:00
|
|
|
{
|
x86, mce: support action-optional machine checks
Newer Intel CPUs support a new class of machine checks called recoverable
action optional.
Action Optional means that the CPU detected some form of corruption in
the background and tells the OS about using a machine check
exception. The OS can then take appropiate action, like killing the
process with the corrupted data or logging the event properly to disk.
This is done by the new generic high level memory failure handler added
in a earlier patch. The high level handler takes the address with the
failed memory and does the appropiate action, like killing the process.
In this version of the patch the high level handler is stubbed out
with a weak function to not create a direct dependency on the hwpoison
branch.
The high level handler cannot be directly called from the machine check
exception though, because it has to run in a defined process context to
be able to sleep when taking VM locks (it is not expected to sleep for a
long time, just do so in some exceptional cases like lock contention)
Thus the MCE handler has to queue a work item for process context,
trigger process context and then call the high level handler from there.
This patch adds two path to process context: through a per thread kernel
exit notify_user() callback or through a high priority work item.
The first runs when the process exits back to user space, the other when
it goes to sleep and there is no higher priority process.
The machine check handler will schedule both, and whoever runs first
will grab the event. This is done because quick reaction to this
event is critical to avoid a potential more fatal machine check
when the corruption is consumed.
There is a simple lock less ring buffer to queue the corrupted
addresses between the exception handler and the process context handler.
Then in process context it just calls the high level VM code with
the corrupted PFNs.
The code adds the required code to extract the failed address from
the CPU's machine check registers. It doesn't try to handle all
possible cases -- the specification has 6 different ways to specify
memory address -- but only the linear address.
Most of the required checking has been already done earlier in the
mce_severity rule checking engine. Following the Intel
recommendations Action Optional errors are only enabled for known
situations (encoded in MCACODs). The errors are ignored otherwise,
because they are action optional.
v2: Improve comment, disable preemption while processing ring buffer
(reported by Ying Huang)
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-05-27 13:56:59 -06:00
|
|
|
mce_schedule_work();
|
2009-05-27 13:56:54 -06:00
|
|
|
}
|
|
|
|
|
|
2015-11-24 00:41:20 -07:00
|
|
|
/*
|
|
|
|
|
* Check if the address reported by the CPU is in a format we can parse.
|
|
|
|
|
* It would be possible to add code for most other cases, but all would
|
|
|
|
|
* be somewhat complicated (e.g. segment offset would require an instruction
|
|
|
|
|
* parser). So only support physical addresses up to page granuality for now.
|
|
|
|
|
*/
|
2018-10-25 18:37:29 -06:00
|
|
|
int mce_usable_address(struct mce *m)
|
2015-11-24 00:41:20 -07:00
|
|
|
{
|
2017-04-18 12:39:24 -06:00
|
|
|
if (!(m->status & MCI_STATUS_ADDRV))
|
2015-11-24 00:41:20 -07:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* Checks after this one are Intel-specific: */
|
|
|
|
|
if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
|
|
|
|
|
return 1;
|
|
|
|
|
|
2017-04-18 12:39:24 -06:00
|
|
|
if (!(m->status & MCI_STATUS_MISCV))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2015-11-24 00:41:20 -07:00
|
|
|
if (MCI_MISC_ADDR_LSB(m->misc) > PAGE_SHIFT)
|
|
|
|
|
return 0;
|
2017-04-18 12:39:24 -06:00
|
|
|
|
2015-11-24 00:41:20 -07:00
|
|
|
if (MCI_MISC_ADDR_MODE(m->misc) != MCI_MISC_ADDR_PHYS)
|
|
|
|
|
return 0;
|
2017-04-18 12:39:24 -06:00
|
|
|
|
2015-11-24 00:41:20 -07:00
|
|
|
return 1;
|
|
|
|
|
}
|
2018-10-25 18:37:29 -06:00
|
|
|
EXPORT_SYMBOL_GPL(mce_usable_address);
|
2015-11-24 00:41:20 -07:00
|
|
|
|
2017-05-19 03:39:09 -06:00
|
|
|
bool mce_is_memory_error(struct mce *m)
|
2017-03-27 03:33:02 -06:00
|
|
|
{
|
2018-09-23 03:36:04 -06:00
|
|
|
if (m->cpuvendor == X86_VENDOR_AMD ||
|
|
|
|
|
m->cpuvendor == X86_VENDOR_HYGON) {
|
2017-12-18 04:37:13 -07:00
|
|
|
return amd_mce_is_memory_error(m);
|
2017-05-19 03:39:09 -06:00
|
|
|
} else if (m->cpuvendor == X86_VENDOR_INTEL) {
|
2017-03-27 03:33:02 -06:00
|
|
|
/*
|
|
|
|
|
* Intel SDM Volume 3B - 15.9.2 Compound Error Codes
|
|
|
|
|
*
|
|
|
|
|
* Bit 7 of the MCACOD field of IA32_MCi_STATUS is used for
|
|
|
|
|
* indicating a memory error. Bit 8 is used for indicating a
|
|
|
|
|
* cache hierarchy error. The combination of bit 2 and bit 3
|
|
|
|
|
* is used for indicating a `generic' cache hierarchy error
|
|
|
|
|
* But we can't just blindly check the above bits, because if
|
|
|
|
|
* bit 11 is set, then it is a bus/interconnect error - and
|
|
|
|
|
* either way the above bits just gives more detail on what
|
|
|
|
|
* bus/interconnect error happened. Note that bit 12 can be
|
|
|
|
|
* ignored, as it's the "filter" bit.
|
|
|
|
|
*/
|
|
|
|
|
return (m->status & 0xef80) == BIT(7) ||
|
|
|
|
|
(m->status & 0xef00) == BIT(8) ||
|
|
|
|
|
(m->status & 0xeffc) == 0xc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2017-05-19 03:39:09 -06:00
|
|
|
EXPORT_SYMBOL_GPL(mce_is_memory_error);
|
2017-03-27 03:33:02 -06:00
|
|
|
|
2020-05-20 10:35:46 -06:00
|
|
|
static bool whole_page(struct mce *m)
|
|
|
|
|
{
|
|
|
|
|
if (!mca_cfg.ser || !(m->status & MCI_STATUS_MISCV))
|
|
|
|
|
return true;
|
|
|
|
|
return MCI_MISC_ADDR_LSB(m->misc) >= PAGE_SHIFT;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-25 18:37:28 -06:00
|
|
|
bool mce_is_correctable(struct mce *m)
|
2017-12-18 04:37:14 -07:00
|
|
|
{
|
|
|
|
|
if (m->cpuvendor == X86_VENDOR_AMD && m->status & MCI_STATUS_DEFERRED)
|
|
|
|
|
return false;
|
|
|
|
|
|
2018-09-23 03:36:04 -06:00
|
|
|
if (m->cpuvendor == X86_VENDOR_HYGON && m->status & MCI_STATUS_DEFERRED)
|
|
|
|
|
return false;
|
|
|
|
|
|
2017-12-18 04:37:14 -07:00
|
|
|
if (m->status & MCI_STATUS_UC)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2018-10-25 18:37:28 -06:00
|
|
|
EXPORT_SYMBOL_GPL(mce_is_correctable);
|
2017-12-18 04:37:14 -07:00
|
|
|
|
2017-03-27 03:33:02 -06:00
|
|
|
static bool cec_add_mce(struct mce *m)
|
|
|
|
|
{
|
|
|
|
|
if (!m)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
/* We eat only correctable DRAM errors with usable addresses. */
|
2017-05-19 03:39:09 -06:00
|
|
|
if (mce_is_memory_error(m) &&
|
2017-12-18 04:37:14 -07:00
|
|
|
mce_is_correctable(m) &&
|
2017-03-27 03:33:02 -06:00
|
|
|
mce_usable_address(m))
|
|
|
|
|
if (!cec_add_elem(m->addr >> PAGE_SHIFT))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int mce_first_notifier(struct notifier_block *nb, unsigned long val,
|
|
|
|
|
void *data)
|
|
|
|
|
{
|
|
|
|
|
struct mce *m = (struct mce *)data;
|
|
|
|
|
|
|
|
|
|
if (!m)
|
|
|
|
|
return NOTIFY_DONE;
|
|
|
|
|
|
|
|
|
|
if (cec_add_mce(m))
|
|
|
|
|
return NOTIFY_STOP;
|
|
|
|
|
|
|
|
|
|
/* Emit the trace record: */
|
|
|
|
|
trace_mce_record(m);
|
|
|
|
|
|
|
|
|
|
set_bit(0, &mce_need_notify);
|
|
|
|
|
|
|
|
|
|
mce_notify_irq();
|
|
|
|
|
|
|
|
|
|
return NOTIFY_DONE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct notifier_block first_nb = {
|
|
|
|
|
.notifier_call = mce_first_notifier,
|
|
|
|
|
.priority = MCE_PRIO_FIRST,
|
|
|
|
|
};
|
|
|
|
|
|
2015-08-12 10:29:36 -06:00
|
|
|
static int srao_decode_notifier(struct notifier_block *nb, unsigned long val,
|
|
|
|
|
void *data)
|
|
|
|
|
{
|
|
|
|
|
struct mce *mce = (struct mce *)data;
|
|
|
|
|
unsigned long pfn;
|
|
|
|
|
|
|
|
|
|
if (!mce)
|
|
|
|
|
return NOTIFY_DONE;
|
|
|
|
|
|
2015-11-24 00:41:18 -07:00
|
|
|
if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) {
|
2015-08-12 10:29:36 -06:00
|
|
|
pfn = mce->addr >> PAGE_SHIFT;
|
2018-01-25 15:23:48 -07:00
|
|
|
if (!memory_failure(pfn, 0))
|
2020-05-20 10:35:46 -06:00
|
|
|
set_mce_nospec(pfn, whole_page(mce));
|
2015-08-12 10:29:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NOTIFY_OK;
|
2009-05-27 13:56:54 -06:00
|
|
|
}
|
2015-08-12 10:29:36 -06:00
|
|
|
static struct notifier_block mce_srao_nb = {
|
|
|
|
|
.notifier_call = srao_decode_notifier,
|
2017-01-23 11:35:14 -07:00
|
|
|
.priority = MCE_PRIO_SRAO,
|
2015-08-12 10:29:36 -06:00
|
|
|
};
|
2009-05-27 13:56:54 -06:00
|
|
|
|
2016-11-01 05:52:27 -06:00
|
|
|
static int mce_default_notifier(struct notifier_block *nb, unsigned long val,
|
|
|
|
|
void *data)
|
|
|
|
|
{
|
|
|
|
|
struct mce *m = (struct mce *)data;
|
|
|
|
|
|
|
|
|
|
if (!m)
|
|
|
|
|
return NOTIFY_DONE;
|
|
|
|
|
|
2017-03-27 03:33:02 -06:00
|
|
|
if (atomic_read(&num_notifiers) > NUM_DEFAULT_NOTIFIERS)
|
2017-03-27 03:32:59 -06:00
|
|
|
return NOTIFY_DONE;
|
|
|
|
|
|
2016-11-01 05:52:27 -06:00
|
|
|
__print_mce(m);
|
|
|
|
|
|
|
|
|
|
return NOTIFY_DONE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct notifier_block mce_default_nb = {
|
|
|
|
|
.notifier_call = mce_default_notifier,
|
|
|
|
|
/* lowest prio, we want it to run last. */
|
2017-01-23 11:35:14 -07:00
|
|
|
.priority = MCE_PRIO_LOWEST,
|
2016-11-01 05:52:27 -06:00
|
|
|
};
|
|
|
|
|
|
2011-12-13 10:48:13 -07:00
|
|
|
/*
|
|
|
|
|
* Read ADDR and MISC registers.
|
|
|
|
|
*/
|
|
|
|
|
static void mce_read_aux(struct mce *m, int i)
|
|
|
|
|
{
|
|
|
|
|
if (m->status & MCI_STATUS_MISCV)
|
2016-04-30 06:33:55 -06:00
|
|
|
m->misc = mce_rdmsrl(msr_ops.misc(i));
|
2016-09-12 01:59:28 -06:00
|
|
|
|
2011-12-13 10:48:13 -07:00
|
|
|
if (m->status & MCI_STATUS_ADDRV) {
|
2016-04-30 06:33:55 -06:00
|
|
|
m->addr = mce_rdmsrl(msr_ops.addr(i));
|
2011-12-13 10:48:13 -07:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Mask the reported address by the reported granularity.
|
|
|
|
|
*/
|
2012-10-17 04:05:33 -06:00
|
|
|
if (mca_cfg.ser && (m->status & MCI_STATUS_MISCV)) {
|
2011-12-13 10:48:13 -07:00
|
|
|
u8 shift = MCI_MISC_ADDR_LSB(m->misc);
|
|
|
|
|
m->addr >>= shift;
|
|
|
|
|
m->addr <<= shift;
|
|
|
|
|
}
|
2016-09-12 01:59:39 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Extract [55:<lsb>] where lsb is the least significant
|
|
|
|
|
* *valid* bit of the address bits.
|
|
|
|
|
*/
|
|
|
|
|
if (mce_flags.smca) {
|
|
|
|
|
u8 lsb = (m->addr >> 56) & 0x3f;
|
|
|
|
|
|
|
|
|
|
m->addr &= GENMASK_ULL(55, lsb);
|
|
|
|
|
}
|
2011-12-13 10:48:13 -07:00
|
|
|
}
|
2016-09-12 01:59:28 -06:00
|
|
|
|
2016-09-12 01:59:37 -06:00
|
|
|
if (mce_flags.smca) {
|
|
|
|
|
m->ipid = mce_rdmsrl(MSR_AMD64_SMCA_MCx_IPID(i));
|
|
|
|
|
|
|
|
|
|
if (m->status & MCI_STATUS_SYNDV)
|
|
|
|
|
m->synd = mce_rdmsrl(MSR_AMD64_SMCA_MCx_SYND(i));
|
|
|
|
|
}
|
2011-12-13 10:48:13 -07:00
|
|
|
}
|
|
|
|
|
|
2009-05-27 13:56:57 -06:00
|
|
|
DEFINE_PER_CPU(unsigned, mce_poll_count);
|
|
|
|
|
|
2007-10-23 14:37:23 -06:00
|
|
|
/*
|
2009-02-12 05:43:23 -07:00
|
|
|
* Poll for corrected events or events that happened before reset.
|
|
|
|
|
* Those are just logged through /dev/mcelog.
|
|
|
|
|
*
|
|
|
|
|
* This is executed in standard interrupt context.
|
2009-05-27 13:56:57 -06:00
|
|
|
*
|
|
|
|
|
* Note: spec recommends to panic for fatal unsignalled
|
|
|
|
|
* errors here. However this would be quite problematic --
|
|
|
|
|
* we would need to reimplement the Monarch handling and
|
|
|
|
|
* it would mess up the exclusion between exception handler
|
2018-12-03 02:47:34 -07:00
|
|
|
* and poll handler -- * so we skip this for now.
|
2009-05-27 13:56:57 -06:00
|
|
|
* These cases should not happen anyways, or only when the CPU
|
|
|
|
|
* is already totally * confused. In this case it's likely it will
|
|
|
|
|
* not fully execute the machine check handler either.
|
2009-02-12 05:43:23 -07:00
|
|
|
*/
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
bool machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
|
2009-02-12 05:43:23 -07:00
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
|
2015-11-24 00:41:17 -07:00
|
|
|
bool error_seen = false;
|
2009-02-12 05:43:23 -07:00
|
|
|
struct mce m;
|
|
|
|
|
int i;
|
|
|
|
|
|
2012-05-11 01:35:27 -06:00
|
|
|
this_cpu_inc(mce_poll_count);
|
2009-05-27 13:56:57 -06:00
|
|
|
|
2011-06-07 19:57:46 -06:00
|
|
|
mce_gather_info(&m, NULL);
|
2009-02-12 05:43:23 -07:00
|
|
|
|
2017-01-23 11:35:09 -07:00
|
|
|
if (flags & MCP_TIMESTAMP)
|
|
|
|
|
m.tsc = rdtsc();
|
2016-11-10 06:10:53 -07:00
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
|
2009-07-08 16:31:43 -06:00
|
|
|
if (!mce_banks[i].ctl || !test_bit(i, *b))
|
2009-02-12 05:43:23 -07:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
m.misc = 0;
|
|
|
|
|
m.addr = 0;
|
|
|
|
|
m.bank = i;
|
|
|
|
|
|
|
|
|
|
barrier();
|
2016-04-30 06:33:55 -06:00
|
|
|
m.status = mce_rdmsrl(msr_ops.status(i));
|
2019-03-12 11:09:38 -06:00
|
|
|
|
|
|
|
|
/* If this entry is not valid, ignore it */
|
2009-02-12 05:43:23 -07:00
|
|
|
if (!(m.status & MCI_STATUS_VAL))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/*
|
2019-03-12 11:09:38 -06:00
|
|
|
* If we are logging everything (at CPU online) or this
|
|
|
|
|
* is a corrected error, then we must log it.
|
2009-02-12 05:43:23 -07:00
|
|
|
*/
|
2019-03-12 11:09:38 -06:00
|
|
|
if ((flags & MCP_UC) || !(m.status & MCI_STATUS_UC))
|
|
|
|
|
goto log_it;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Newer Intel systems that support software error
|
|
|
|
|
* recovery need to make additional checks. Other
|
|
|
|
|
* CPUs should skip over uncorrected errors, but log
|
|
|
|
|
* everything else.
|
|
|
|
|
*/
|
|
|
|
|
if (!mca_cfg.ser) {
|
|
|
|
|
if (m.status & MCI_STATUS_UC)
|
|
|
|
|
continue;
|
|
|
|
|
goto log_it;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Log "not enabled" (speculative) errors */
|
|
|
|
|
if (!(m.status & MCI_STATUS_EN))
|
|
|
|
|
goto log_it;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Log UCNA (SDM: 15.6.3 "UCR Error Classification")
|
|
|
|
|
* UC == 1 && PCC == 0 && S == 0
|
|
|
|
|
*/
|
|
|
|
|
if (!(m.status & MCI_STATUS_PCC) && !(m.status & MCI_STATUS_S))
|
|
|
|
|
goto log_it;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Skip anything else. Presumption is that our read of this
|
|
|
|
|
* bank is racing with a machine check. Leave the log alone
|
|
|
|
|
* for do_machine_check() to deal with it.
|
|
|
|
|
*/
|
|
|
|
|
continue;
|
2009-02-12 05:43:23 -07:00
|
|
|
|
2019-03-12 11:09:38 -06:00
|
|
|
log_it:
|
2015-11-24 00:41:17 -07:00
|
|
|
error_seen = true;
|
|
|
|
|
|
2011-12-13 10:48:13 -07:00
|
|
|
mce_read_aux(&m, i);
|
2009-02-12 05:43:23 -07:00
|
|
|
|
2017-06-26 06:35:31 -06:00
|
|
|
m.severity = mce_severity(&m, mca_cfg.tolerant, NULL, false);
|
x86, mce: Support memory error recovery for both UCNA and Deferred error in machine_check_poll
Uncorrected no action required (UCNA) - is a uncorrected recoverable
machine check error that is not signaled via a machine check exception
and, instead, is reported to system software as a corrected machine
check error. UCNA errors indicate that some data in the system is
corrupted, but the data has not been consumed and the processor state
is valid and you may continue execution on this processor. UCNA errors
require no action from system software to continue execution. Note that
UCNA errors are supported by the processor only when IA32_MCG_CAP[24]
(MCG_SER_P) is set.
-- Intel SDM Volume 3B
Deferred errors are errors that cannot be corrected by hardware, but
do not cause an immediate interruption in program flow, loss of data
integrity, or corruption of processor state. These errors indicate
that data has been corrupted but not consumed. Hardware writes information
to the status and address registers in the corresponding bank that
identifies the source of the error if deferred errors are enabled for
logging. Deferred errors are not reported via machine check exceptions;
they can be seen by polling the MCi_STATUS registers.
-- AMD64 APM Volume 2
Above two items, both UCNA and Deferred errors belong to detected
errors, but they can't be corrected by hardware, and this is very
similar to Software Recoverable Action Optional (SRAO) errors.
Therefore, we can take some actions that have been used for handling
SRAO errors to handle UCNA and Deferred errors.
Acked-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Chen Yucong <slaoub@gmail.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2014-11-17 19:09:20 -07:00
|
|
|
|
2009-02-12 05:43:23 -07:00
|
|
|
/*
|
|
|
|
|
* Don't get the IP here because it's unlikely to
|
|
|
|
|
* have anything to do with the actual error location.
|
|
|
|
|
*/
|
2015-11-24 00:41:17 -07:00
|
|
|
if (!(flags & MCP_DONTLOG) && !mca_cfg.dont_log_ce)
|
2009-04-07 09:06:55 -06:00
|
|
|
mce_log(&m);
|
2015-11-24 00:41:18 -07:00
|
|
|
else if (mce_usable_address(&m)) {
|
2015-11-24 00:41:17 -07:00
|
|
|
/*
|
|
|
|
|
* Although we skipped logging this, we still want
|
|
|
|
|
* to take action. Add to the pool so the registered
|
|
|
|
|
* notifiers will see it.
|
|
|
|
|
*/
|
|
|
|
|
if (!mce_gen_pool_add(&m))
|
|
|
|
|
mce_schedule_work();
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
}
|
2009-02-12 05:43:23 -07:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Clear state for this bank.
|
|
|
|
|
*/
|
2016-04-30 06:33:55 -06:00
|
|
|
mce_wrmsrl(msr_ops.status(i), 0);
|
2009-02-12 05:43:23 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Don't clear MCG_STATUS here because it's only defined for
|
|
|
|
|
* exceptions.
|
|
|
|
|
*/
|
2009-05-27 13:56:51 -06:00
|
|
|
|
|
|
|
|
sync_core();
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
|
2015-11-24 00:41:17 -07:00
|
|
|
return error_seen;
|
2009-02-12 05:43:23 -07:00
|
|
|
}
|
2009-04-29 11:31:00 -06:00
|
|
|
EXPORT_SYMBOL_GPL(machine_check_poll);
|
2009-02-12 05:43:23 -07:00
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
/*
|
|
|
|
|
* Do a quick check if any of the events requires a panic.
|
|
|
|
|
* This decides if we keep the events around or clear them.
|
|
|
|
|
*/
|
2012-07-19 12:28:46 -06:00
|
|
|
static int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp,
|
|
|
|
|
struct pt_regs *regs)
|
2009-05-27 13:56:55 -06:00
|
|
|
{
|
2015-05-18 02:07:17 -06:00
|
|
|
char *tmp;
|
2018-06-22 03:54:28 -06:00
|
|
|
int i;
|
2009-05-27 13:56:55 -06:00
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
|
2016-04-30 06:33:55 -06:00
|
|
|
m->status = mce_rdmsrl(msr_ops.status(i));
|
2018-06-22 03:54:28 -06:00
|
|
|
if (!(m->status & MCI_STATUS_VAL))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
__set_bit(i, validp);
|
|
|
|
|
if (quirk_no_way_out)
|
|
|
|
|
quirk_no_way_out(i, m, regs);
|
2015-05-18 02:07:17 -06:00
|
|
|
|
2019-12-09 17:07:30 -07:00
|
|
|
m->bank = i;
|
2015-05-18 02:07:17 -06:00
|
|
|
if (mce_severity(m, mca_cfg.tolerant, &tmp, true) >= MCE_PANIC_SEVERITY) {
|
2018-06-22 03:54:28 -06:00
|
|
|
mce_read_aux(m, i);
|
2015-05-18 02:07:17 -06:00
|
|
|
*msg = tmp;
|
2018-06-22 03:54:28 -06:00
|
|
|
return 1;
|
2015-05-18 02:07:17 -06:00
|
|
|
}
|
2009-05-27 13:56:55 -06:00
|
|
|
}
|
2018-06-22 03:54:28 -06:00
|
|
|
return 0;
|
2009-05-27 13:56:55 -06:00
|
|
|
}
|
|
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
/*
|
|
|
|
|
* Variable to establish order between CPUs while scanning.
|
|
|
|
|
* Each CPU spins initially until executing is equal its number.
|
|
|
|
|
*/
|
|
|
|
|
static atomic_t mce_executing;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Defines order of CPUs on entry. First CPU becomes Monarch.
|
|
|
|
|
*/
|
|
|
|
|
static atomic_t mce_callin;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check if a timeout waiting for other CPUs happened.
|
|
|
|
|
*/
|
2014-12-21 09:18:25 -07:00
|
|
|
static int mce_timed_out(u64 *t, const char *msg)
|
2009-05-27 13:56:55 -06:00
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* The others already did panic for some reason.
|
|
|
|
|
* Bail out like in a timeout.
|
|
|
|
|
* rmb() to tell the compiler that system_state
|
|
|
|
|
* might have been modified by someone else.
|
|
|
|
|
*/
|
|
|
|
|
rmb();
|
2014-12-03 14:36:45 -07:00
|
|
|
if (atomic_read(&mce_panicked))
|
2009-05-27 13:56:55 -06:00
|
|
|
wait_for_panic();
|
2012-10-15 11:59:18 -06:00
|
|
|
if (!mca_cfg.monarch_timeout)
|
2009-05-27 13:56:55 -06:00
|
|
|
goto out;
|
|
|
|
|
if ((s64)*t < SPINUNIT) {
|
2014-05-23 03:06:35 -06:00
|
|
|
if (mca_cfg.tolerant <= 1)
|
2014-12-21 09:18:25 -07:00
|
|
|
mce_panic(msg, NULL, NULL);
|
2009-05-27 13:56:55 -06:00
|
|
|
cpu_missing = 1;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
*t -= SPINUNIT;
|
|
|
|
|
out:
|
|
|
|
|
touch_nmi_watchdog();
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The Monarch's reign. The Monarch is the CPU who entered
|
|
|
|
|
* the machine check handler first. It waits for the others to
|
|
|
|
|
* raise the exception too and then grades them. When any
|
|
|
|
|
* error is fatal panic. Only then let the others continue.
|
|
|
|
|
*
|
|
|
|
|
* The other CPUs entering the MCE handler will be controlled by the
|
|
|
|
|
* Monarch. They are called Subjects.
|
|
|
|
|
*
|
|
|
|
|
* This way we prevent any potential data corruption in a unrecoverable case
|
|
|
|
|
* and also makes sure always all CPU's errors are examined.
|
|
|
|
|
*
|
2009-08-26 01:20:36 -06:00
|
|
|
* Also this detects the case of a machine check event coming from outer
|
2009-05-27 13:56:55 -06:00
|
|
|
* space (not detected by any CPUs) In this case some external agent wants
|
|
|
|
|
* us to shut down, so panic too.
|
|
|
|
|
*
|
|
|
|
|
* The other CPUs might still decide to panic if the handler happens
|
|
|
|
|
* in a unrecoverable place, but in this case the system is in a semi-stable
|
|
|
|
|
* state and won't corrupt anything by itself. It's ok to let the others
|
|
|
|
|
* continue for a bit first.
|
|
|
|
|
*
|
|
|
|
|
* All the spin loops have timeouts; when a timeout happens a CPU
|
|
|
|
|
* typically elects itself to be Monarch.
|
|
|
|
|
*/
|
|
|
|
|
static void mce_reign(void)
|
|
|
|
|
{
|
|
|
|
|
int cpu;
|
|
|
|
|
struct mce *m = NULL;
|
|
|
|
|
int global_worst = 0;
|
|
|
|
|
char *msg = NULL;
|
|
|
|
|
char *nmsg = NULL;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This CPU is the Monarch and the other CPUs have run
|
|
|
|
|
* through their handlers.
|
|
|
|
|
* Grade the severity of the errors of all the CPUs.
|
|
|
|
|
*/
|
|
|
|
|
for_each_possible_cpu(cpu) {
|
2012-10-15 10:03:57 -06:00
|
|
|
int severity = mce_severity(&per_cpu(mces_seen, cpu),
|
|
|
|
|
mca_cfg.tolerant,
|
2014-11-17 19:09:19 -07:00
|
|
|
&nmsg, true);
|
2009-05-27 13:56:55 -06:00
|
|
|
if (severity > global_worst) {
|
|
|
|
|
msg = nmsg;
|
|
|
|
|
global_worst = severity;
|
|
|
|
|
m = &per_cpu(mces_seen, cpu);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Cannot recover? Panic here then.
|
|
|
|
|
* This dumps all the mces in the log buffer and stops the
|
|
|
|
|
* other CPUs.
|
|
|
|
|
*/
|
2012-10-15 10:03:57 -06:00
|
|
|
if (m && global_worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3)
|
2015-02-02 11:30:21 -07:00
|
|
|
mce_panic("Fatal machine check", m, msg);
|
2009-05-27 13:56:55 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* For UC somewhere we let the CPU who detects it handle it.
|
|
|
|
|
* Also must let continue the others, otherwise the handling
|
|
|
|
|
* CPU could deadlock on a lock.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* No machine check event found. Must be some external
|
|
|
|
|
* source or one CPU is hung. Panic.
|
|
|
|
|
*/
|
2012-10-15 10:03:57 -06:00
|
|
|
if (global_worst <= MCE_KEEP_SEVERITY && mca_cfg.tolerant < 3)
|
2015-02-02 11:30:21 -07:00
|
|
|
mce_panic("Fatal machine check from unknown source", NULL, NULL);
|
2009-05-27 13:56:55 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now clear all the mces_seen so that they don't reappear on
|
|
|
|
|
* the next mce.
|
|
|
|
|
*/
|
|
|
|
|
for_each_possible_cpu(cpu)
|
|
|
|
|
memset(&per_cpu(mces_seen, cpu), 0, sizeof(struct mce));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static atomic_t global_nwo;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Start of Monarch synchronization. This waits until all CPUs have
|
|
|
|
|
* entered the exception handler and then determines if any of them
|
|
|
|
|
* saw a fatal event that requires panic. Then it executes them
|
|
|
|
|
* in the entry order.
|
|
|
|
|
* TBD double check parallel CPU hotunplug
|
|
|
|
|
*/
|
2009-06-15 03:18:43 -06:00
|
|
|
static int mce_start(int *no_way_out)
|
2009-05-27 13:56:55 -06:00
|
|
|
{
|
2009-06-15 03:18:43 -06:00
|
|
|
int order;
|
2009-05-27 13:56:55 -06:00
|
|
|
int cpus = num_online_cpus();
|
2012-10-15 11:59:18 -06:00
|
|
|
u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
|
2009-05-27 13:56:55 -06:00
|
|
|
|
2009-06-15 03:18:43 -06:00
|
|
|
if (!timeout)
|
|
|
|
|
return -1;
|
2009-05-27 13:56:55 -06:00
|
|
|
|
2009-06-15 03:18:43 -06:00
|
|
|
atomic_add(*no_way_out, &global_nwo);
|
2009-06-15 01:37:07 -06:00
|
|
|
/*
|
2016-04-06 02:05:15 -06:00
|
|
|
* Rely on the implied barrier below, such that global_nwo
|
|
|
|
|
* is updated before mce_callin.
|
2009-06-15 01:37:07 -06:00
|
|
|
*/
|
2009-06-21 00:28:22 -06:00
|
|
|
order = atomic_inc_return(&mce_callin);
|
2009-05-27 13:56:55 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Wait for everyone.
|
|
|
|
|
*/
|
|
|
|
|
while (atomic_read(&mce_callin) != cpus) {
|
2014-12-21 09:18:25 -07:00
|
|
|
if (mce_timed_out(&timeout,
|
|
|
|
|
"Timeout: Not all CPUs entered broadcast exception handler")) {
|
2009-05-27 13:56:55 -06:00
|
|
|
atomic_set(&global_nwo, 0);
|
2009-06-15 03:18:43 -06:00
|
|
|
return -1;
|
2009-05-27 13:56:55 -06:00
|
|
|
}
|
|
|
|
|
ndelay(SPINUNIT);
|
|
|
|
|
}
|
|
|
|
|
|
2009-06-15 01:37:07 -06:00
|
|
|
/*
|
|
|
|
|
* mce_callin should be read before global_nwo
|
|
|
|
|
*/
|
|
|
|
|
smp_rmb();
|
2009-05-27 13:56:55 -06:00
|
|
|
|
2009-06-15 03:18:43 -06:00
|
|
|
if (order == 1) {
|
|
|
|
|
/*
|
|
|
|
|
* Monarch: Starts executing now, the others wait.
|
|
|
|
|
*/
|
2009-05-27 13:56:55 -06:00
|
|
|
atomic_set(&mce_executing, 1);
|
2009-06-15 03:18:43 -06:00
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* Subject: Now start the scanning loop one by one in
|
|
|
|
|
* the original callin order.
|
|
|
|
|
* This way when there are any shared banks it will be
|
|
|
|
|
* only seen by one CPU before cleared, avoiding duplicates.
|
|
|
|
|
*/
|
|
|
|
|
while (atomic_read(&mce_executing) < order) {
|
2014-12-21 09:18:25 -07:00
|
|
|
if (mce_timed_out(&timeout,
|
|
|
|
|
"Timeout: Subject CPUs unable to finish machine check processing")) {
|
2009-06-15 03:18:43 -06:00
|
|
|
atomic_set(&global_nwo, 0);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
ndelay(SPINUNIT);
|
|
|
|
|
}
|
2009-05-27 13:56:55 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2009-06-15 03:18:43 -06:00
|
|
|
* Cache the global no_way_out state.
|
2009-05-27 13:56:55 -06:00
|
|
|
*/
|
2009-06-15 03:18:43 -06:00
|
|
|
*no_way_out = atomic_read(&global_nwo);
|
|
|
|
|
|
|
|
|
|
return order;
|
2009-05-27 13:56:55 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Synchronize between CPUs after main scanning loop.
|
|
|
|
|
* This invokes the bulk of the Monarch processing.
|
|
|
|
|
*/
|
|
|
|
|
static int mce_end(int order)
|
|
|
|
|
{
|
|
|
|
|
int ret = -1;
|
2012-10-15 11:59:18 -06:00
|
|
|
u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
|
2009-05-27 13:56:55 -06:00
|
|
|
|
|
|
|
|
if (!timeout)
|
|
|
|
|
goto reset;
|
|
|
|
|
if (order < 0)
|
|
|
|
|
goto reset;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Allow others to run.
|
|
|
|
|
*/
|
|
|
|
|
atomic_inc(&mce_executing);
|
|
|
|
|
|
|
|
|
|
if (order == 1) {
|
|
|
|
|
/* CHECKME: Can this race with a parallel hotplug? */
|
|
|
|
|
int cpus = num_online_cpus();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Monarch: Wait for everyone to go through their scanning
|
|
|
|
|
* loops.
|
|
|
|
|
*/
|
|
|
|
|
while (atomic_read(&mce_executing) <= cpus) {
|
2014-12-21 09:18:25 -07:00
|
|
|
if (mce_timed_out(&timeout,
|
|
|
|
|
"Timeout: Monarch CPU unable to finish machine check processing"))
|
2009-05-27 13:56:55 -06:00
|
|
|
goto reset;
|
|
|
|
|
ndelay(SPINUNIT);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mce_reign();
|
|
|
|
|
barrier();
|
|
|
|
|
ret = 0;
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* Subject: Wait for Monarch to finish.
|
|
|
|
|
*/
|
|
|
|
|
while (atomic_read(&mce_executing) != 0) {
|
2014-12-21 09:18:25 -07:00
|
|
|
if (mce_timed_out(&timeout,
|
|
|
|
|
"Timeout: Monarch CPU did not finish machine check processing"))
|
2009-05-27 13:56:55 -06:00
|
|
|
goto reset;
|
|
|
|
|
ndelay(SPINUNIT);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Don't reset anything. That's done by the Monarch.
|
|
|
|
|
*/
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Reset all global state.
|
|
|
|
|
*/
|
|
|
|
|
reset:
|
|
|
|
|
atomic_set(&global_nwo, 0);
|
|
|
|
|
atomic_set(&mce_callin, 0);
|
|
|
|
|
barrier();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Let others run again.
|
|
|
|
|
*/
|
|
|
|
|
atomic_set(&mce_executing, 0);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void mce_clear_state(unsigned long *toclear)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
|
2009-05-27 13:56:55 -06:00
|
|
|
if (test_bit(i, toclear))
|
2016-04-30 06:33:55 -06:00
|
|
|
mce_wrmsrl(msr_ops.status(i), 0);
|
2009-05-27 13:56:55 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-17 11:20:13 -07:00
|
|
|
static int do_memory_failure(struct mce *m)
|
|
|
|
|
{
|
|
|
|
|
int flags = MF_ACTION_REQUIRED;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
pr_err("Uncorrected hardware memory error in user-access at %llx", m->addr);
|
|
|
|
|
if (!(m->mcgstatus & MCG_STATUS_RIPV))
|
|
|
|
|
flags |= MF_MUST_KILL;
|
2017-07-09 17:14:01 -06:00
|
|
|
ret = memory_failure(m->addr >> PAGE_SHIFT, flags);
|
2016-02-17 11:20:13 -07:00
|
|
|
if (ret)
|
|
|
|
|
pr_err("Memory error not recovered");
|
2018-01-25 15:23:48 -07:00
|
|
|
else
|
2020-05-20 10:35:46 -06:00
|
|
|
set_mce_nospec(m->addr >> PAGE_SHIFT, whole_page(m));
|
2016-02-17 11:20:13 -07:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-22 03:54:24 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Cases where we avoid rendezvous handler timeout:
|
|
|
|
|
* 1) If this CPU is offline.
|
|
|
|
|
*
|
|
|
|
|
* 2) If crashing_cpu was set, e.g. we're entering kdump and we need to
|
|
|
|
|
* skip those CPUs which remain looping in the 1st kernel - see
|
|
|
|
|
* crash_nmi_callback().
|
|
|
|
|
*
|
|
|
|
|
* Note: there still is a small window between kexec-ing and the new,
|
|
|
|
|
* kdump kernel establishing a new #MC handler where a broadcasted MCE
|
|
|
|
|
* might not get handled properly.
|
|
|
|
|
*/
|
|
|
|
|
static bool __mc_check_crashing_cpu(int cpu)
|
|
|
|
|
{
|
|
|
|
|
if (cpu_is_offline(cpu) ||
|
|
|
|
|
(crashing_cpu != -1 && crashing_cpu != cpu)) {
|
|
|
|
|
u64 mcgstatus;
|
|
|
|
|
|
|
|
|
|
mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
|
|
|
|
|
if (mcgstatus & MCG_STATUS_RIPV) {
|
|
|
|
|
mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-22 03:54:26 -06:00
|
|
|
static void __mc_scan_banks(struct mce *m, struct mce *final,
|
|
|
|
|
unsigned long *toclear, unsigned long *valid_banks,
|
|
|
|
|
int no_way_out, int *worst)
|
|
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
|
2018-06-22 03:54:26 -06:00
|
|
|
struct mca_config *cfg = &mca_cfg;
|
|
|
|
|
int severity, i;
|
|
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
|
2018-06-22 03:54:26 -06:00
|
|
|
__clear_bit(i, toclear);
|
|
|
|
|
if (!test_bit(i, valid_banks))
|
|
|
|
|
continue;
|
2018-06-22 03:54:27 -06:00
|
|
|
|
2018-06-22 03:54:26 -06:00
|
|
|
if (!mce_banks[i].ctl)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
m->misc = 0;
|
|
|
|
|
m->addr = 0;
|
|
|
|
|
m->bank = i;
|
|
|
|
|
|
|
|
|
|
m->status = mce_rdmsrl(msr_ops.status(i));
|
2018-06-22 03:54:27 -06:00
|
|
|
if (!(m->status & MCI_STATUS_VAL))
|
2018-06-22 03:54:26 -06:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/*
|
2018-06-22 03:54:27 -06:00
|
|
|
* Corrected or non-signaled errors are handled by
|
|
|
|
|
* machine_check_poll(). Leave them alone, unless this panics.
|
2018-06-22 03:54:26 -06:00
|
|
|
*/
|
|
|
|
|
if (!(m->status & (cfg->ser ? MCI_STATUS_S : MCI_STATUS_UC)) &&
|
|
|
|
|
!no_way_out)
|
|
|
|
|
continue;
|
|
|
|
|
|
2018-06-22 03:54:27 -06:00
|
|
|
/* Set taint even when machine check was not enabled. */
|
2018-06-22 03:54:26 -06:00
|
|
|
add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
|
|
|
|
|
|
|
|
|
|
severity = mce_severity(m, cfg->tolerant, NULL, true);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* When machine check was for corrected/deferred handler don't
|
2018-06-22 03:54:27 -06:00
|
|
|
* touch, unless we're panicking.
|
2018-06-22 03:54:26 -06:00
|
|
|
*/
|
|
|
|
|
if ((severity == MCE_KEEP_SEVERITY ||
|
|
|
|
|
severity == MCE_UCNA_SEVERITY) && !no_way_out)
|
|
|
|
|
continue;
|
2018-06-22 03:54:27 -06:00
|
|
|
|
2018-06-22 03:54:26 -06:00
|
|
|
__set_bit(i, toclear);
|
2018-06-22 03:54:27 -06:00
|
|
|
|
|
|
|
|
/* Machine check event was not enabled. Clear, but ignore. */
|
|
|
|
|
if (severity == MCE_NO_SEVERITY)
|
2018-06-22 03:54:26 -06:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
mce_read_aux(m, i);
|
|
|
|
|
|
|
|
|
|
/* assuming valid severity level != 0 */
|
|
|
|
|
m->severity = severity;
|
|
|
|
|
|
|
|
|
|
mce_log(m);
|
|
|
|
|
|
|
|
|
|
if (severity > *worst) {
|
|
|
|
|
*final = *m;
|
|
|
|
|
*worst = severity;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* mce_clear_state will clear *final, save locally for use later */
|
|
|
|
|
*m = *final;
|
|
|
|
|
}
|
|
|
|
|
|
2009-02-12 05:43:23 -07:00
|
|
|
/*
|
|
|
|
|
* The actual machine check handler. This only handles real
|
|
|
|
|
* exceptions when something got corrupted coming in through int 18.
|
|
|
|
|
*
|
|
|
|
|
* This is executed in NMI context not subject to normal locking rules. This
|
|
|
|
|
* implies that most kernel services cannot be safely used. Don't even
|
|
|
|
|
* think about putting a printk in there!
|
2009-05-27 13:56:55 -06:00
|
|
|
*
|
|
|
|
|
* On Intel systems this is entered on all CPUs in parallel through
|
|
|
|
|
* MCE broadcast. However some CPUs might be broken beyond repair,
|
|
|
|
|
* so be always careful when synchronizing with others.
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
2009-04-08 04:31:17 -06:00
|
|
|
void do_machine_check(struct pt_regs *regs, long error_code)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2018-06-22 03:54:24 -06:00
|
|
|
DECLARE_BITMAP(valid_banks, MAX_NR_BANKS);
|
|
|
|
|
DECLARE_BITMAP(toclear, MAX_NR_BANKS);
|
2012-10-17 04:05:33 -06:00
|
|
|
struct mca_config *cfg = &mca_cfg;
|
2018-06-22 03:54:24 -06:00
|
|
|
int cpu = smp_processor_id();
|
|
|
|
|
char *msg = "Unknown";
|
2009-05-27 13:56:55 -06:00
|
|
|
struct mce m, *final;
|
|
|
|
|
int worst = 0;
|
2016-04-30 06:33:57 -06:00
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
/*
|
|
|
|
|
* Establish sequential order between the CPUs entering the machine
|
|
|
|
|
* check handler.
|
|
|
|
|
*/
|
2016-04-30 06:33:57 -06:00
|
|
|
int order = -1;
|
2018-06-22 03:54:24 -06:00
|
|
|
|
x86_64: mcelog tolerant level cleanup
Background:
The MCE handler has several paths that it can take, depending on various
conditions of the MCE status and the value of the 'tolerant' knob. The
exact semantics are not well defined and the code is a bit twisty.
Description:
This patch makes the MCE handler's behavior more clear by documenting the
behavior for various 'tolerant' levels. It also fixes or enhances
several small things in the handler. Specifically:
* If RIPV is set it is not safe to restart, so set the 'no way out'
flag rather than the 'kill it' flag.
* Don't panic() on correctable MCEs.
* If the _OVER bit is set *and* the _UC bit is set (meaning possibly
dropped uncorrected errors), set the 'no way out' flag.
* Use EIPV for testing whether an app can be killed (SIGBUS) rather
than RIPV. According to docs, EIPV indicates that the error is
related to the IP, while RIPV simply means the IP is valid to
restart from.
* Don't clear the MCi_STATUS registers until after the panic() path.
This leaves the status bits set after the panic() so clever BIOSes
can find them (and dumb BIOSes can do nothing).
This patch also calls nonseekable_open() in mce_open (as suggested by akpm).
Result:
Tolerant levels behave almost identically to how they always have, but
not it's well defined. There's a slightly higher chance of panic()ing
when multiple errors happen (a good thing, IMHO). If you take an MBE and
panic(), the error status bits are not cleared.
Alternatives:
None.
Testing:
I used software to inject correctable and uncorrectable errors. With
tolerant = 3, the system usually survives. With tolerant = 2, the system
usually panic()s (PCC) but not always. With tolerant = 1, the system
always panic()s. When the system panic()s, the BIOS is able to detect
that the cause of death was an MC4. I was not able to reproduce the
case of a non-PCC error in userspace, with EIPV, with (tolerant < 3).
That will be rare at best.
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:37 -06:00
|
|
|
/*
|
|
|
|
|
* If no_way_out gets set, there is no safe way to recover from this
|
2012-10-15 10:03:57 -06:00
|
|
|
* MCE. If mca_cfg.tolerant is cranked up, we'll try anyway.
|
x86_64: mcelog tolerant level cleanup
Background:
The MCE handler has several paths that it can take, depending on various
conditions of the MCE status and the value of the 'tolerant' knob. The
exact semantics are not well defined and the code is a bit twisty.
Description:
This patch makes the MCE handler's behavior more clear by documenting the
behavior for various 'tolerant' levels. It also fixes or enhances
several small things in the handler. Specifically:
* If RIPV is set it is not safe to restart, so set the 'no way out'
flag rather than the 'kill it' flag.
* Don't panic() on correctable MCEs.
* If the _OVER bit is set *and* the _UC bit is set (meaning possibly
dropped uncorrected errors), set the 'no way out' flag.
* Use EIPV for testing whether an app can be killed (SIGBUS) rather
than RIPV. According to docs, EIPV indicates that the error is
related to the IP, while RIPV simply means the IP is valid to
restart from.
* Don't clear the MCi_STATUS registers until after the panic() path.
This leaves the status bits set after the panic() so clever BIOSes
can find them (and dumb BIOSes can do nothing).
This patch also calls nonseekable_open() in mce_open (as suggested by akpm).
Result:
Tolerant levels behave almost identically to how they always have, but
not it's well defined. There's a slightly higher chance of panic()ing
when multiple errors happen (a good thing, IMHO). If you take an MBE and
panic(), the error status bits are not cleared.
Alternatives:
None.
Testing:
I used software to inject correctable and uncorrectable errors. With
tolerant = 3, the system usually survives. With tolerant = 2, the system
usually panic()s (PCC) but not always. With tolerant = 1, the system
always panic()s. When the system panic()s, the BIOS is able to detect
that the cause of death was an MC4. I was not able to reproduce the
case of a non-PCC error in userspace, with EIPV, with (tolerant < 3).
That will be rare at best.
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:37 -06:00
|
|
|
*/
|
|
|
|
|
int no_way_out = 0;
|
2018-06-22 03:54:24 -06:00
|
|
|
|
x86_64: mcelog tolerant level cleanup
Background:
The MCE handler has several paths that it can take, depending on various
conditions of the MCE status and the value of the 'tolerant' knob. The
exact semantics are not well defined and the code is a bit twisty.
Description:
This patch makes the MCE handler's behavior more clear by documenting the
behavior for various 'tolerant' levels. It also fixes or enhances
several small things in the handler. Specifically:
* If RIPV is set it is not safe to restart, so set the 'no way out'
flag rather than the 'kill it' flag.
* Don't panic() on correctable MCEs.
* If the _OVER bit is set *and* the _UC bit is set (meaning possibly
dropped uncorrected errors), set the 'no way out' flag.
* Use EIPV for testing whether an app can be killed (SIGBUS) rather
than RIPV. According to docs, EIPV indicates that the error is
related to the IP, while RIPV simply means the IP is valid to
restart from.
* Don't clear the MCi_STATUS registers until after the panic() path.
This leaves the status bits set after the panic() so clever BIOSes
can find them (and dumb BIOSes can do nothing).
This patch also calls nonseekable_open() in mce_open (as suggested by akpm).
Result:
Tolerant levels behave almost identically to how they always have, but
not it's well defined. There's a slightly higher chance of panic()ing
when multiple errors happen (a good thing, IMHO). If you take an MBE and
panic(), the error status bits are not cleared.
Alternatives:
None.
Testing:
I used software to inject correctable and uncorrectable errors. With
tolerant = 3, the system usually survives. With tolerant = 2, the system
usually panic()s (PCC) but not always. With tolerant = 1, the system
always panic()s. When the system panic()s, the BIOS is able to detect
that the cause of death was an MC4. I was not able to reproduce the
case of a non-PCC error in userspace, with EIPV, with (tolerant < 3).
That will be rare at best.
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:37 -06:00
|
|
|
/*
|
|
|
|
|
* If kill_it gets set, there might be a way to recover from this
|
|
|
|
|
* error.
|
|
|
|
|
*/
|
|
|
|
|
int kill_it = 0;
|
2016-04-30 06:33:57 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* MCEs are always local on AMD. Same is determined by MCG_STATUS_LMCES
|
|
|
|
|
* on Intel.
|
|
|
|
|
*/
|
|
|
|
|
int lmce = 1;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2018-06-22 03:54:24 -06:00
|
|
|
if (__mc_check_crashing_cpu(cpu))
|
|
|
|
|
return;
|
2015-12-10 03:12:26 -07:00
|
|
|
|
2015-07-03 13:44:32 -06:00
|
|
|
ist_enter(regs);
|
2014-11-19 18:41:09 -07:00
|
|
|
|
2012-05-11 01:35:27 -06:00
|
|
|
this_cpu_inc(mce_exception_count);
|
2009-05-27 13:56:52 -06:00
|
|
|
|
2011-06-07 19:57:46 -06:00
|
|
|
mce_gather_info(&m, regs);
|
2017-01-23 11:35:09 -07:00
|
|
|
m.tsc = rdtsc();
|
2009-02-12 05:43:22 -07:00
|
|
|
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
final = this_cpu_ptr(&mces_seen);
|
2009-05-27 13:56:55 -06:00
|
|
|
*final = m;
|
|
|
|
|
|
2012-04-18 16:19:40 -06:00
|
|
|
memset(valid_banks, 0, sizeof(valid_banks));
|
2012-07-19 12:28:46 -06:00
|
|
|
no_way_out = mce_no_way_out(&m, &msg, valid_banks, regs);
|
2009-08-26 01:20:36 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
barrier();
|
|
|
|
|
|
2009-05-27 13:56:57 -06:00
|
|
|
/*
|
2012-01-03 12:45:45 -07:00
|
|
|
* When no restart IP might need to kill or panic.
|
|
|
|
|
* Assume the worst for now, but if we find the
|
|
|
|
|
* severity is MCE_AR_SEVERITY we have other options.
|
2009-05-27 13:56:57 -06:00
|
|
|
*/
|
|
|
|
|
if (!(m.mcgstatus & MCG_STATUS_RIPV))
|
|
|
|
|
kill_it = 1;
|
|
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
/*
|
2016-04-30 06:33:57 -06:00
|
|
|
* Check if this MCE is signaled to only this logical processor,
|
|
|
|
|
* on Intel only.
|
2009-05-27 13:56:55 -06:00
|
|
|
*/
|
2016-04-30 06:33:57 -06:00
|
|
|
if (m.cpuvendor == X86_VENDOR_INTEL)
|
|
|
|
|
lmce = m.mcgstatus & MCG_STATUS_LMCES;
|
|
|
|
|
|
|
|
|
|
/*
|
2018-06-22 03:54:23 -06:00
|
|
|
* Local machine check may already know that we have to panic.
|
|
|
|
|
* Broadcast machine check begins rendezvous in mce_start()
|
2016-04-30 06:33:57 -06:00
|
|
|
* Go through all banks in exclusion of the other CPUs. This way we
|
|
|
|
|
* don't report duplicated events on shared banks because the first one
|
2018-06-22 03:54:23 -06:00
|
|
|
* to see it will clear it.
|
2016-04-30 06:33:57 -06:00
|
|
|
*/
|
2018-06-22 03:54:23 -06:00
|
|
|
if (lmce) {
|
|
|
|
|
if (no_way_out)
|
|
|
|
|
mce_panic("Fatal local machine check", &m, msg);
|
|
|
|
|
} else {
|
2015-06-04 10:55:24 -06:00
|
|
|
order = mce_start(&no_way_out);
|
2018-06-22 03:54:23 -06:00
|
|
|
}
|
2015-06-04 10:55:24 -06:00
|
|
|
|
2018-06-22 03:54:26 -06:00
|
|
|
__mc_scan_banks(&m, final, toclear, valid_banks, no_way_out, &worst);
|
2012-01-03 12:45:45 -07:00
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
if (!no_way_out)
|
|
|
|
|
mce_clear_state(toclear);
|
|
|
|
|
|
2009-04-08 04:31:17 -06:00
|
|
|
/*
|
2009-05-27 13:56:55 -06:00
|
|
|
* Do most of the synchronization with other CPUs.
|
|
|
|
|
* When there's any problem use only local no_way_out state.
|
2009-04-08 04:31:17 -06:00
|
|
|
*/
|
2015-06-04 10:55:24 -06:00
|
|
|
if (!lmce) {
|
|
|
|
|
if (mce_end(order) < 0)
|
|
|
|
|
no_way_out = worst >= MCE_PANIC_SEVERITY;
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
2018-06-22 03:54:23 -06:00
|
|
|
* If there was a fatal machine check we should have
|
|
|
|
|
* already called mce_panic earlier in this function.
|
|
|
|
|
* Since we re-read the banks, we might have found
|
|
|
|
|
* something new. Check again to see if we found a
|
|
|
|
|
* fatal error. We call "mce_severity()" again to
|
|
|
|
|
* make sure we have the right "msg".
|
2015-06-04 10:55:24 -06:00
|
|
|
*/
|
2018-06-22 03:54:23 -06:00
|
|
|
if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) {
|
|
|
|
|
mce_severity(&m, cfg->tolerant, &msg, true);
|
|
|
|
|
mce_panic("Local fatal machine check!", &m, msg);
|
|
|
|
|
}
|
2015-06-04 10:55:24 -06:00
|
|
|
}
|
x86_64: mcelog tolerant level cleanup
Background:
The MCE handler has several paths that it can take, depending on various
conditions of the MCE status and the value of the 'tolerant' knob. The
exact semantics are not well defined and the code is a bit twisty.
Description:
This patch makes the MCE handler's behavior more clear by documenting the
behavior for various 'tolerant' levels. It also fixes or enhances
several small things in the handler. Specifically:
* If RIPV is set it is not safe to restart, so set the 'no way out'
flag rather than the 'kill it' flag.
* Don't panic() on correctable MCEs.
* If the _OVER bit is set *and* the _UC bit is set (meaning possibly
dropped uncorrected errors), set the 'no way out' flag.
* Use EIPV for testing whether an app can be killed (SIGBUS) rather
than RIPV. According to docs, EIPV indicates that the error is
related to the IP, while RIPV simply means the IP is valid to
restart from.
* Don't clear the MCi_STATUS registers until after the panic() path.
This leaves the status bits set after the panic() so clever BIOSes
can find them (and dumb BIOSes can do nothing).
This patch also calls nonseekable_open() in mce_open (as suggested by akpm).
Result:
Tolerant levels behave almost identically to how they always have, but
not it's well defined. There's a slightly higher chance of panic()ing
when multiple errors happen (a good thing, IMHO). If you take an MBE and
panic(), the error status bits are not cleared.
Alternatives:
None.
Testing:
I used software to inject correctable and uncorrectable errors. With
tolerant = 3, the system usually survives. With tolerant = 2, the system
usually panic()s (PCC) but not always. With tolerant = 1, the system
always panic()s. When the system panic()s, the BIOS is able to detect
that the cause of death was an MC4. I was not able to reproduce the
case of a non-PCC error in userspace, with EIPV, with (tolerant < 3).
That will be rare at best.
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:37 -06:00
|
|
|
|
|
|
|
|
/*
|
2016-02-17 11:20:13 -07:00
|
|
|
* If tolerant is at an insane level we drop requests to kill
|
|
|
|
|
* processes and continue even when there is no way out.
|
x86_64: mcelog tolerant level cleanup
Background:
The MCE handler has several paths that it can take, depending on various
conditions of the MCE status and the value of the 'tolerant' knob. The
exact semantics are not well defined and the code is a bit twisty.
Description:
This patch makes the MCE handler's behavior more clear by documenting the
behavior for various 'tolerant' levels. It also fixes or enhances
several small things in the handler. Specifically:
* If RIPV is set it is not safe to restart, so set the 'no way out'
flag rather than the 'kill it' flag.
* Don't panic() on correctable MCEs.
* If the _OVER bit is set *and* the _UC bit is set (meaning possibly
dropped uncorrected errors), set the 'no way out' flag.
* Use EIPV for testing whether an app can be killed (SIGBUS) rather
than RIPV. According to docs, EIPV indicates that the error is
related to the IP, while RIPV simply means the IP is valid to
restart from.
* Don't clear the MCi_STATUS registers until after the panic() path.
This leaves the status bits set after the panic() so clever BIOSes
can find them (and dumb BIOSes can do nothing).
This patch also calls nonseekable_open() in mce_open (as suggested by akpm).
Result:
Tolerant levels behave almost identically to how they always have, but
not it's well defined. There's a slightly higher chance of panic()ing
when multiple errors happen (a good thing, IMHO). If you take an MBE and
panic(), the error status bits are not cleared.
Alternatives:
None.
Testing:
I used software to inject correctable and uncorrectable errors. With
tolerant = 3, the system usually survives. With tolerant = 2, the system
usually panic()s (PCC) but not always. With tolerant = 1, the system
always panic()s. When the system panic()s, the BIOS is able to detect
that the cause of death was an MC4. I was not able to reproduce the
case of a non-PCC error in userspace, with EIPV, with (tolerant < 3).
That will be rare at best.
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:37 -06:00
|
|
|
*/
|
2016-02-17 11:20:13 -07:00
|
|
|
if (cfg->tolerant == 3)
|
|
|
|
|
kill_it = 0;
|
|
|
|
|
else if (no_way_out)
|
|
|
|
|
mce_panic("Fatal machine check on current CPU", &m, msg);
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
|
2009-05-27 13:56:55 -06:00
|
|
|
if (worst > 0)
|
2019-03-12 12:39:23 -06:00
|
|
|
irq_work_queue(&mce_irq_work);
|
|
|
|
|
|
2009-04-29 11:29:12 -06:00
|
|
|
mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
|
2018-06-22 03:54:25 -06:00
|
|
|
|
2009-05-27 13:56:51 -06:00
|
|
|
sync_core();
|
2015-01-05 17:44:42 -07:00
|
|
|
|
2016-02-17 11:20:13 -07:00
|
|
|
if (worst != MCE_AR_SEVERITY && !kill_it)
|
|
|
|
|
goto out_ist;
|
2015-01-05 17:44:42 -07:00
|
|
|
|
2016-02-17 11:20:13 -07:00
|
|
|
/* Fault was in user mode and we need to take some action */
|
|
|
|
|
if ((m.cs & 3) == 3) {
|
|
|
|
|
ist_begin_non_atomic(regs);
|
|
|
|
|
local_irq_enable();
|
|
|
|
|
|
|
|
|
|
if (kill_it || do_memory_failure(&m))
|
2019-05-23 09:17:27 -06:00
|
|
|
force_sig(SIGBUS);
|
2016-02-17 11:20:13 -07:00
|
|
|
local_irq_disable();
|
|
|
|
|
ist_end_non_atomic();
|
|
|
|
|
} else {
|
2018-08-28 14:14:19 -06:00
|
|
|
if (!fixup_exception(regs, X86_TRAP_MC, error_code, 0))
|
2016-02-17 11:20:13 -07:00
|
|
|
mce_panic("Failed kernel mode recovery", &m, NULL);
|
2015-01-05 17:44:42 -07:00
|
|
|
}
|
2016-02-17 11:20:13 -07:00
|
|
|
|
|
|
|
|
out_ist:
|
2015-07-03 13:44:32 -06:00
|
|
|
ist_exit(regs);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2009-04-29 11:31:00 -06:00
|
|
|
EXPORT_SYMBOL_GPL(do_machine_check);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2011-12-15 11:48:12 -07:00
|
|
|
#ifndef CONFIG_MEMORY_FAILURE
|
2017-07-09 17:14:01 -06:00
|
|
|
int memory_failure(unsigned long pfn, int flags)
|
x86, mce: support action-optional machine checks
Newer Intel CPUs support a new class of machine checks called recoverable
action optional.
Action Optional means that the CPU detected some form of corruption in
the background and tells the OS about using a machine check
exception. The OS can then take appropiate action, like killing the
process with the corrupted data or logging the event properly to disk.
This is done by the new generic high level memory failure handler added
in a earlier patch. The high level handler takes the address with the
failed memory and does the appropiate action, like killing the process.
In this version of the patch the high level handler is stubbed out
with a weak function to not create a direct dependency on the hwpoison
branch.
The high level handler cannot be directly called from the machine check
exception though, because it has to run in a defined process context to
be able to sleep when taking VM locks (it is not expected to sleep for a
long time, just do so in some exceptional cases like lock contention)
Thus the MCE handler has to queue a work item for process context,
trigger process context and then call the high level handler from there.
This patch adds two path to process context: through a per thread kernel
exit notify_user() callback or through a high priority work item.
The first runs when the process exits back to user space, the other when
it goes to sleep and there is no higher priority process.
The machine check handler will schedule both, and whoever runs first
will grab the event. This is done because quick reaction to this
event is critical to avoid a potential more fatal machine check
when the corruption is consumed.
There is a simple lock less ring buffer to queue the corrupted
addresses between the exception handler and the process context handler.
Then in process context it just calls the high level VM code with
the corrupted PFNs.
The code adds the required code to extract the failed address from
the CPU's machine check registers. It doesn't try to handle all
possible cases -- the specification has 6 different ways to specify
memory address -- but only the linear address.
Most of the required checking has been already done earlier in the
mce_severity rule checking engine. Following the Intel
recommendations Action Optional errors are only enabled for known
situations (encoded in MCACODs). The errors are ignored otherwise,
because they are action optional.
v2: Improve comment, disable preemption while processing ring buffer
(reported by Ying Huang)
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-05-27 13:56:59 -06:00
|
|
|
{
|
2012-01-03 12:45:45 -07:00
|
|
|
/* mce_severity() should not hand us an ACTION_REQUIRED error */
|
|
|
|
|
BUG_ON(flags & MF_ACTION_REQUIRED);
|
2012-05-21 20:50:07 -06:00
|
|
|
pr_err("Uncorrected memory error in page 0x%lx ignored\n"
|
|
|
|
|
"Rebuild kernel with CONFIG_MEMORY_FAILURE=y for smarter handling\n",
|
|
|
|
|
pfn);
|
2011-12-15 11:48:12 -07:00
|
|
|
|
|
|
|
|
return 0;
|
x86, mce: support action-optional machine checks
Newer Intel CPUs support a new class of machine checks called recoverable
action optional.
Action Optional means that the CPU detected some form of corruption in
the background and tells the OS about using a machine check
exception. The OS can then take appropiate action, like killing the
process with the corrupted data or logging the event properly to disk.
This is done by the new generic high level memory failure handler added
in a earlier patch. The high level handler takes the address with the
failed memory and does the appropiate action, like killing the process.
In this version of the patch the high level handler is stubbed out
with a weak function to not create a direct dependency on the hwpoison
branch.
The high level handler cannot be directly called from the machine check
exception though, because it has to run in a defined process context to
be able to sleep when taking VM locks (it is not expected to sleep for a
long time, just do so in some exceptional cases like lock contention)
Thus the MCE handler has to queue a work item for process context,
trigger process context and then call the high level handler from there.
This patch adds two path to process context: through a per thread kernel
exit notify_user() callback or through a high priority work item.
The first runs when the process exits back to user space, the other when
it goes to sleep and there is no higher priority process.
The machine check handler will schedule both, and whoever runs first
will grab the event. This is done because quick reaction to this
event is critical to avoid a potential more fatal machine check
when the corruption is consumed.
There is a simple lock less ring buffer to queue the corrupted
addresses between the exception handler and the process context handler.
Then in process context it just calls the high level VM code with
the corrupted PFNs.
The code adds the required code to extract the failed address from
the CPU's machine check registers. It doesn't try to handle all
possible cases -- the specification has 6 different ways to specify
memory address -- but only the linear address.
Most of the required checking has been already done earlier in the
mce_severity rule checking engine. Following the Intel
recommendations Action Optional errors are only enabled for known
situations (encoded in MCACODs). The errors are ignored otherwise,
because they are action optional.
v2: Improve comment, disable preemption while processing ring buffer
(reported by Ying Huang)
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-05-27 13:56:59 -06:00
|
|
|
}
|
2011-12-15 11:48:12 -07:00
|
|
|
#endif
|
x86, mce: support action-optional machine checks
Newer Intel CPUs support a new class of machine checks called recoverable
action optional.
Action Optional means that the CPU detected some form of corruption in
the background and tells the OS about using a machine check
exception. The OS can then take appropiate action, like killing the
process with the corrupted data or logging the event properly to disk.
This is done by the new generic high level memory failure handler added
in a earlier patch. The high level handler takes the address with the
failed memory and does the appropiate action, like killing the process.
In this version of the patch the high level handler is stubbed out
with a weak function to not create a direct dependency on the hwpoison
branch.
The high level handler cannot be directly called from the machine check
exception though, because it has to run in a defined process context to
be able to sleep when taking VM locks (it is not expected to sleep for a
long time, just do so in some exceptional cases like lock contention)
Thus the MCE handler has to queue a work item for process context,
trigger process context and then call the high level handler from there.
This patch adds two path to process context: through a per thread kernel
exit notify_user() callback or through a high priority work item.
The first runs when the process exits back to user space, the other when
it goes to sleep and there is no higher priority process.
The machine check handler will schedule both, and whoever runs first
will grab the event. This is done because quick reaction to this
event is critical to avoid a potential more fatal machine check
when the corruption is consumed.
There is a simple lock less ring buffer to queue the corrupted
addresses between the exception handler and the process context handler.
Then in process context it just calls the high level VM code with
the corrupted PFNs.
The code adds the required code to extract the failed address from
the CPU's machine check registers. It doesn't try to handle all
possible cases -- the specification has 6 different ways to specify
memory address -- but only the linear address.
Most of the required checking has been already done earlier in the
mce_severity rule checking engine. Following the Intel
recommendations Action Optional errors are only enabled for known
situations (encoded in MCACODs). The errors are ignored otherwise,
because they are action optional.
v2: Improve comment, disable preemption while processing ring buffer
(reported by Ying Huang)
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-05-27 13:56:59 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
2007-05-02 11:27:19 -06:00
|
|
|
* Periodic polling timer for "silent" machine check errors. If the
|
|
|
|
|
* poller finds an MCE, poll 2x faster. When the poller finds no more
|
|
|
|
|
* errors, poll 2x slower (up to check_interval seconds).
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
static unsigned long check_interval = INITIAL_CHECK_INTERVAL;
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2012-05-24 11:54:51 -06:00
|
|
|
static DEFINE_PER_CPU(unsigned long, mce_next_interval); /* in jiffies */
|
2009-02-12 05:39:29 -07:00
|
|
|
static DEFINE_PER_CPU(struct timer_list, mce_timer);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2012-08-09 12:44:51 -06:00
|
|
|
static unsigned long mce_adjust_timer_default(unsigned long interval)
|
|
|
|
|
{
|
|
|
|
|
return interval;
|
|
|
|
|
}
|
|
|
|
|
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
static unsigned long (*mce_adjust_timer)(unsigned long interval) = mce_adjust_timer_default;
|
2012-08-09 12:44:51 -06:00
|
|
|
|
2017-01-31 01:37:34 -07:00
|
|
|
static void __start_timer(struct timer_list *t, unsigned long interval)
|
2014-03-27 19:24:36 -06:00
|
|
|
{
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
unsigned long when = jiffies + interval;
|
|
|
|
|
unsigned long flags;
|
2014-03-27 19:24:36 -06:00
|
|
|
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
local_irq_save(flags);
|
2014-03-27 19:24:36 -06:00
|
|
|
|
2017-01-31 01:37:34 -07:00
|
|
|
if (!timer_pending(t) || time_before(when, t->expires))
|
|
|
|
|
mod_timer(t, round_jiffies(when));
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
|
|
|
|
|
local_irq_restore(flags);
|
2014-03-27 19:24:36 -06:00
|
|
|
}
|
|
|
|
|
|
2017-10-04 18:54:25 -06:00
|
|
|
static void mce_timer_fn(struct timer_list *t)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2017-10-04 18:54:25 -06:00
|
|
|
struct timer_list *cpu_t = this_cpu_ptr(&mce_timer);
|
2012-05-24 11:54:51 -06:00
|
|
|
unsigned long iv;
|
2009-02-12 05:39:29 -07:00
|
|
|
|
2017-10-04 18:54:25 -06:00
|
|
|
WARN_ON(cpu_t != t);
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
|
|
|
|
|
iv = __this_cpu_read(mce_next_interval);
|
2009-02-12 05:39:29 -07:00
|
|
|
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
if (mce_available(this_cpu_ptr(&cpu_info))) {
|
2016-11-10 06:10:53 -07:00
|
|
|
machine_check_poll(0, this_cpu_ptr(&mce_poll_banks));
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
|
|
|
|
|
if (mce_intel_cmci_poll()) {
|
|
|
|
|
iv = mce_adjust_timer(iv);
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
2009-04-08 04:31:17 -06:00
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
/*
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
* Alert userspace if needed. If we logged an MCE, reduce the polling
|
|
|
|
|
* interval, otherwise increase the polling interval.
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
if (mce_notify_irq())
|
2012-06-04 20:35:02 -06:00
|
|
|
iv = max(iv / 2, (unsigned long) HZ/100);
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
else
|
2012-05-24 11:54:51 -06:00
|
|
|
iv = min(iv * 2, round_jiffies_relative(check_interval * HZ));
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
|
|
|
|
|
done:
|
2012-05-24 11:54:51 -06:00
|
|
|
__this_cpu_write(mce_next_interval, iv);
|
2017-01-31 01:37:34 -07:00
|
|
|
__start_timer(t, iv);
|
2012-08-09 12:44:51 -06:00
|
|
|
}
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
|
2012-08-09 12:44:51 -06:00
|
|
|
/*
|
|
|
|
|
* Ensure that the timer is firing in @interval from now.
|
|
|
|
|
*/
|
|
|
|
|
void mce_timer_kick(unsigned long interval)
|
|
|
|
|
{
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
struct timer_list *t = this_cpu_ptr(&mce_timer);
|
2012-08-09 12:44:51 -06:00
|
|
|
unsigned long iv = __this_cpu_read(mce_next_interval);
|
|
|
|
|
|
2017-01-31 01:37:34 -07:00
|
|
|
__start_timer(t, interval);
|
x86/MCE/intel: Cleanup CMCI storm logic
Initially, this started with the yet another report about a race
condition in the CMCI storm adaptive period length thing. Yes, we have
to admit, it is fragile and error prone. So let's simplify it.
The simpler logic is: now, after we enter storm mode, we go straight to
polling with CMCI_STORM_INTERVAL, i.e. once a second. We remain in storm
mode as long as we see errors being logged while polling.
Theoretically, if we see an uninterrupted error stream, we will remain
in storm mode indefinitely and keep polling the MSRs.
However, when the storm is actually a burst of errors, once we have
logged them all, we back out of it after ~5 mins of polling and no more
errors logged.
If we encounter an error during those 5 minutes, we reset the polling
interval to 5 mins.
Making machine_check_poll() return a bool and denoting whether it has
seen an error or not lets us simplify a bunch of code and move the storm
handling private to mce_intel.c.
Some minor cleanups while at it.
Reported-by: Calvin Owens <calvinowens@fb.com>
Tested-by: Tony Luck <tony.luck@intel.com>
Link: http://lkml.kernel.org/r/1417746575-23299-1-git-send-email-calvinowens@fb.com
Signed-off-by: Borislav Petkov <bp@suse.de>
2015-01-13 07:08:51 -07:00
|
|
|
|
2012-08-09 12:44:51 -06:00
|
|
|
if (interval < iv)
|
|
|
|
|
__this_cpu_write(mce_next_interval, interval);
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
}
|
|
|
|
|
|
2011-06-17 02:40:36 -06:00
|
|
|
/* Must not be called in IRQ context where del_timer_sync() can deadlock */
|
|
|
|
|
static void mce_timer_delete_all(void)
|
|
|
|
|
{
|
|
|
|
|
int cpu;
|
|
|
|
|
|
|
|
|
|
for_each_online_cpu(cpu)
|
|
|
|
|
del_timer_sync(&per_cpu(mce_timer, cpu));
|
|
|
|
|
}
|
|
|
|
|
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
/*
|
2009-02-12 05:39:28 -07:00
|
|
|
* Notify the user(s) about new machine check events.
|
|
|
|
|
* Can be called from interrupt context, but not from machine check/NMI
|
|
|
|
|
* context.
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
*/
|
2009-05-27 13:56:58 -06:00
|
|
|
int mce_notify_irq(void)
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
{
|
2009-02-12 05:49:33 -07:00
|
|
|
/* Not more than two messages every minute */
|
|
|
|
|
static DEFINE_RATELIMIT_STATE(ratelimit, 60*HZ, 2);
|
|
|
|
|
|
2009-06-15 02:20:57 -06:00
|
|
|
if (test_and_clear_bit(0, &mce_need_notify)) {
|
2017-03-27 03:33:03 -06:00
|
|
|
mce_work_trigger();
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
|
2009-02-12 05:49:33 -07:00
|
|
|
if (__ratelimit(&ratelimit))
|
2010-06-08 00:35:39 -06:00
|
|
|
pr_info(HW_ERR "Machine check events logged\n");
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
|
|
|
|
|
return 1;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
x86_64: support poll() on /dev/mcelog
Background:
/dev/mcelog is typically polled manually. This is less than optimal for
situations where accurate accounting of MCEs is important. Calling
poll() on /dev/mcelog does not work.
Description:
This patch adds support for poll() to /dev/mcelog. This results in
immediate wakeup of user apps whenever the poller finds MCEs. Because
the exception handler can not take any locks, it can not call the wakeup
itself. Instead, it uses a thread_info flag (TIF_MCE_NOTIFY) which is
caught at the next return from interrupt or exit from idle, calling the
mce_user_notify() routine. This patch also disables the "fake panic"
path of the mce_panic(), because it results in printk()s in the exception
handler and crashy systems.
This patch also does some small cleanup for essentially unused variables,
and moves the user notification into the body of the poller, so it is
only called once per poll, rather than once per CPU.
Result:
Applications can now poll() on /dev/mcelog. When an error is logged
(whether through the poller or through an exception) the applications are
woken up promptly. This should not affect any previous behaviors. If no
MCEs are being logged, there is no overhead.
Alternatives:
I considered simply supporting poll() through the poller and not using
TIF_MCE_NOTIFY at all. However, the time between an uncorrectable error
happening and the user application being notified is *the*most* critical
window for us. Many uncorrectable errors can be logged to the network if
given a chance.
I also considered doing the MCE poll directly from the idle notifier, but
decided that was overkill.
Testing:
I used an error-injecting DIMM to create lots of correctable DRAM errors
and verified that my user app is woken up in sync with the polling interval.
I also used the northbridge to inject uncorrectable ECC errors, and
verified (printk() to the rescue) that the notify routine is called and the
user app does wake up. I built with PREEMPT on and off, and verified
that my machine survives MCEs.
[wli@holomorphy.com: build fix]
Signed-off-by: Tim Hockin <thockin@google.com>
Signed-off-by: William Irwin <bill.irwin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-21 09:10:36 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
2009-05-27 13:56:58 -06:00
|
|
|
EXPORT_SYMBOL_GPL(mce_notify_irq);
|
2007-05-02 11:27:19 -06:00
|
|
|
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
static void __mcheck_cpu_mce_banks_init(void)
|
2009-07-08 16:31:43 -06:00
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
|
2019-06-07 14:18:05 -06:00
|
|
|
u8 n_banks = this_cpu_read(mce_num_banks);
|
2009-07-08 16:31:43 -06:00
|
|
|
int i;
|
|
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
for (i = 0; i < n_banks; i++) {
|
2009-07-08 16:31:43 -06:00
|
|
|
struct mce_bank *b = &mce_banks[i];
|
2009-09-23 09:49:55 -06:00
|
|
|
|
2019-06-07 14:18:06 -06:00
|
|
|
/*
|
|
|
|
|
* Init them all, __mcheck_cpu_apply_quirks() is going to apply
|
|
|
|
|
* the required vendor quirks before
|
|
|
|
|
* __mcheck_cpu_init_clear_banks() does the final bank setup.
|
|
|
|
|
*/
|
2009-07-08 16:31:43 -06:00
|
|
|
b->ctl = -1ULL;
|
|
|
|
|
b->init = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-23 14:37:23 -06:00
|
|
|
/*
|
2005-04-16 16:20:36 -06:00
|
|
|
* Initialize Machine Checks for a CPU.
|
|
|
|
|
*/
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
static void __mcheck_cpu_cap_init(void)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2009-04-08 04:31:17 -06:00
|
|
|
u64 cap;
|
2018-07-27 15:40:09 -06:00
|
|
|
u8 b;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
rdmsrl(MSR_IA32_MCG_CAP, cap);
|
2009-04-08 04:31:24 -06:00
|
|
|
|
|
|
|
|
b = cap & MCG_BANKCNT_MASK;
|
2019-06-07 14:18:05 -06:00
|
|
|
|
|
|
|
|
if (b > MAX_NR_BANKS) {
|
|
|
|
|
pr_warn("CPU%d: Using only %u machine check banks out of %u\n",
|
|
|
|
|
smp_processor_id(), MAX_NR_BANKS, b);
|
2009-02-17 15:07:13 -07:00
|
|
|
b = MAX_NR_BANKS;
|
2019-06-07 14:18:05 -06:00
|
|
|
}
|
2009-02-17 15:07:13 -07:00
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
this_cpu_write(mce_num_banks, b);
|
2012-10-15 10:03:57 -06:00
|
|
|
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
__mcheck_cpu_mce_banks_init();
|
2009-02-17 15:07:13 -07:00
|
|
|
|
2005-04-16 16:25:09 -06:00
|
|
|
/* Use accurate RIP reporting if available. */
|
2009-04-08 04:31:24 -06:00
|
|
|
if ((cap & MCG_EXT_P) && MCG_EXT_CNT(cap) >= 9)
|
2012-10-15 11:59:18 -06:00
|
|
|
mca_cfg.rip_msr = MSR_IA32_MCG_EIP;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-05-27 13:56:57 -06:00
|
|
|
if (cap & MCG_SER_P)
|
2018-02-21 03:18:54 -07:00
|
|
|
mca_cfg.ser = 1;
|
2009-02-17 15:07:13 -07:00
|
|
|
}
|
|
|
|
|
|
2009-10-16 04:31:32 -06:00
|
|
|
static void __mcheck_cpu_init_generic(void)
|
2009-02-17 15:07:13 -07:00
|
|
|
{
|
2012-10-15 11:59:18 -06:00
|
|
|
enum mcp_flags m_fl = 0;
|
2009-04-08 04:31:17 -06:00
|
|
|
mce_banks_t all_banks;
|
2009-02-17 15:07:13 -07:00
|
|
|
u64 cap;
|
|
|
|
|
|
2012-10-15 11:59:18 -06:00
|
|
|
if (!mca_cfg.bootlog)
|
|
|
|
|
m_fl = MCP_DONTLOG;
|
|
|
|
|
|
2009-02-12 05:43:23 -07:00
|
|
|
/*
|
|
|
|
|
* Log the machine checks left over from the previous reset.
|
|
|
|
|
*/
|
2009-02-12 05:49:34 -07:00
|
|
|
bitmap_fill(all_banks, MAX_NR_BANKS);
|
2012-10-15 11:59:18 -06:00
|
|
|
machine_check_poll(MCP_UC | m_fl, &all_banks);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2014-10-24 16:58:07 -06:00
|
|
|
cr4_set_bits(X86_CR4_MCE);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-02-17 15:07:13 -07:00
|
|
|
rdmsrl(MSR_IA32_MCG_CAP, cap);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (cap & MCG_CTL_P)
|
|
|
|
|
wrmsr(MSR_IA32_MCG_CTL, 0xffffffff, 0xffffffff);
|
2016-04-30 06:33:53 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void __mcheck_cpu_init_clear_banks(void)
|
|
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
|
2016-04-30 06:33:53 -06:00
|
|
|
int i;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
|
2009-07-08 16:31:43 -06:00
|
|
|
struct mce_bank *b = &mce_banks[i];
|
2009-09-23 09:49:55 -06:00
|
|
|
|
2009-07-08 16:31:43 -06:00
|
|
|
if (!b->init)
|
2009-04-27 10:37:43 -06:00
|
|
|
continue;
|
2016-04-30 06:33:55 -06:00
|
|
|
wrmsrl(msr_ops.ctl(i), b->ctl);
|
|
|
|
|
wrmsrl(msr_ops.status(i), 0);
|
2007-10-23 14:37:23 -06:00
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2019-06-07 14:18:06 -06:00
|
|
|
/*
|
|
|
|
|
* Do a final check to see if there are any unused/RAZ banks.
|
|
|
|
|
*
|
|
|
|
|
* This must be done after the banks have been initialized and any quirks have
|
|
|
|
|
* been applied.
|
|
|
|
|
*
|
|
|
|
|
* Do not call this from any user-initiated flows, e.g. CPU hotplug or sysfs.
|
|
|
|
|
* Otherwise, a user who disables a bank will not be able to re-enable it
|
|
|
|
|
* without a system reboot.
|
|
|
|
|
*/
|
|
|
|
|
static void __mcheck_cpu_check_banks(void)
|
|
|
|
|
{
|
|
|
|
|
struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
|
|
|
|
|
u64 msrval;
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
|
|
|
|
|
struct mce_bank *b = &mce_banks[i];
|
|
|
|
|
|
|
|
|
|
if (!b->init)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
rdmsrl(msr_ops.ctl(i), msrval);
|
|
|
|
|
b->init = !!msrval;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-19 12:28:46 -06:00
|
|
|
/*
|
|
|
|
|
* During IFU recovery Sandy Bridge -EP4S processors set the RIPV and
|
|
|
|
|
* EIPV bits in MCG_STATUS to zero on the affected logical processor (SDM
|
|
|
|
|
* Vol 3B Table 15-20). But this confuses both the code that determines
|
|
|
|
|
* whether the machine check occurred in kernel or user mode, and also
|
|
|
|
|
* the severity assessment code. Pretend that EIPV was set, and take the
|
|
|
|
|
* ip/cs values from the pt_regs that mce_gather_info() ignored earlier.
|
|
|
|
|
*/
|
|
|
|
|
static void quirk_sandybridge_ifu(int bank, struct mce *m, struct pt_regs *regs)
|
|
|
|
|
{
|
|
|
|
|
if (bank != 0)
|
|
|
|
|
return;
|
|
|
|
|
if ((m->mcgstatus & (MCG_STATUS_EIPV|MCG_STATUS_RIPV)) != 0)
|
|
|
|
|
return;
|
|
|
|
|
if ((m->status & (MCI_STATUS_OVER|MCI_STATUS_UC|
|
|
|
|
|
MCI_STATUS_EN|MCI_STATUS_MISCV|MCI_STATUS_ADDRV|
|
|
|
|
|
MCI_STATUS_PCC|MCI_STATUS_S|MCI_STATUS_AR|
|
|
|
|
|
MCACOD)) !=
|
|
|
|
|
(MCI_STATUS_UC|MCI_STATUS_EN|
|
|
|
|
|
MCI_STATUS_MISCV|MCI_STATUS_ADDRV|MCI_STATUS_S|
|
|
|
|
|
MCI_STATUS_AR|MCACOD_INSTR))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
m->mcgstatus |= MCG_STATUS_EIPV;
|
|
|
|
|
m->ip = regs->ip;
|
|
|
|
|
m->cs = regs->cs;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
/* Add per CPU specific workarounds here */
|
x86: delete __cpuinit usage from all x86 files
The __cpuinit type of throwaway sections might have made sense
some time ago when RAM was more constrained, but now the savings
do not offset the cost and complications. For example, the fix in
commit 5e427ec2d0 ("x86: Fix bit corruption at CPU resume time")
is a good example of the nasty type of bugs that can be created
with improper use of the various __init prefixes.
After a discussion on LKML[1] it was decided that cpuinit should go
the way of devinit and be phased out. Once all the users are gone,
we can then finally remove the macros themselves from linux/init.h.
Note that some harmless section mismatch warnings may result, since
notify_cpu_starting() and cpu_up() are arch independent (kernel/cpu.c)
are flagged as __cpuinit -- so if we remove the __cpuinit from
arch specific callers, we will also get section mismatch warnings.
As an intermediate step, we intend to turn the linux/init.h cpuinit
content into no-ops as early as possible, since that will get rid
of these warnings. In any case, they are temporary and harmless.
This removes all the arch/x86 uses of the __cpuinit macros from
all C files. x86 only had the one __CPUINIT used in assembly files,
and it wasn't paired off with a .previous or a __FINIT, so we can
delete it directly w/o any corresponding additional change there.
[1] https://lkml.org/lkml/2013/5/20/589
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2013-06-18 16:23:59 -06:00
|
|
|
static int __mcheck_cpu_apply_quirks(struct cpuinfo_x86 *c)
|
2007-10-23 14:37:23 -06:00
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
|
2012-10-15 10:03:57 -06:00
|
|
|
struct mca_config *cfg = &mca_cfg;
|
|
|
|
|
|
2009-08-17 02:19:00 -06:00
|
|
|
if (c->x86_vendor == X86_VENDOR_UNKNOWN) {
|
2012-05-21 20:50:07 -06:00
|
|
|
pr_info("unknown CPU type - not enabling MCE support\n");
|
2009-08-17 02:19:00 -06:00
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
/* This should be disabled by the BIOS, but isn't always */
|
2008-04-22 09:22:21 -06:00
|
|
|
if (c->x86_vendor == X86_VENDOR_AMD) {
|
2019-06-07 14:18:05 -06:00
|
|
|
if (c->x86 == 15 && this_cpu_read(mce_num_banks) > 4) {
|
2009-04-08 04:31:17 -06:00
|
|
|
/*
|
|
|
|
|
* disable GART TBL walk error reporting, which
|
|
|
|
|
* trips off incorrectly with the IOMMU & 3ware
|
|
|
|
|
* & Cerberus:
|
|
|
|
|
*/
|
2009-07-08 16:31:43 -06:00
|
|
|
clear_bit(10, (unsigned long *)&mce_banks[4].ctl);
|
2009-04-08 04:31:17 -06:00
|
|
|
}
|
2017-06-13 10:28:35 -06:00
|
|
|
if (c->x86 < 0x11 && cfg->bootlog < 0) {
|
2009-04-08 04:31:17 -06:00
|
|
|
/*
|
|
|
|
|
* Lots of broken BIOS around that don't clear them
|
|
|
|
|
* by default and leave crap in there. Don't log:
|
|
|
|
|
*/
|
2012-10-15 11:59:18 -06:00
|
|
|
cfg->bootlog = 0;
|
2009-04-08 04:31:17 -06:00
|
|
|
}
|
2009-04-27 10:42:48 -06:00
|
|
|
/*
|
|
|
|
|
* Various K7s with broken bank 0 around. Always disable
|
|
|
|
|
* by default.
|
|
|
|
|
*/
|
2019-06-07 14:18:05 -06:00
|
|
|
if (c->x86 == 6 && this_cpu_read(mce_num_banks) > 0)
|
2009-07-08 16:31:43 -06:00
|
|
|
mce_banks[0].ctl = 0;
|
2012-04-20 10:01:34 -06:00
|
|
|
|
2015-03-23 09:42:52 -06:00
|
|
|
/*
|
|
|
|
|
* overflow_recov is supported for F15h Models 00h-0fh
|
|
|
|
|
* even though we don't have a CPUID bit for it.
|
|
|
|
|
*/
|
|
|
|
|
if (c->x86 == 0x15 && c->x86_model <= 0xf)
|
|
|
|
|
mce_flags.overflow_recov = 1;
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2005-11-05 09:25:54 -07:00
|
|
|
|
2009-04-27 10:37:43 -06:00
|
|
|
if (c->x86_vendor == X86_VENDOR_INTEL) {
|
|
|
|
|
/*
|
|
|
|
|
* SDM documents that on family 6 bank 0 should not be written
|
|
|
|
|
* because it aliases to another special BIOS controlled
|
|
|
|
|
* register.
|
|
|
|
|
* But it's not aliased anymore on model 0x1a+
|
|
|
|
|
* Don't ignore bank 0 completely because there could be a
|
|
|
|
|
* valid event later, merely don't write CTL0.
|
|
|
|
|
*/
|
|
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
if (c->x86 == 6 && c->x86_model < 0x1A && this_cpu_read(mce_num_banks) > 0)
|
2009-07-08 16:31:43 -06:00
|
|
|
mce_banks[0].init = 0;
|
2009-05-27 13:56:55 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* All newer Intel systems support MCE broadcasting. Enable
|
|
|
|
|
* synchronization with a one second timeout.
|
|
|
|
|
*/
|
|
|
|
|
if ((c->x86 > 6 || (c->x86 == 6 && c->x86_model >= 0xe)) &&
|
2012-10-15 11:59:18 -06:00
|
|
|
cfg->monarch_timeout < 0)
|
|
|
|
|
cfg->monarch_timeout = USEC_PER_SEC;
|
2009-07-28 15:52:54 -06:00
|
|
|
|
2009-08-17 02:19:00 -06:00
|
|
|
/*
|
|
|
|
|
* There are also broken BIOSes on some Pentium M and
|
|
|
|
|
* earlier systems:
|
|
|
|
|
*/
|
2012-10-15 11:59:18 -06:00
|
|
|
if (c->x86 == 6 && c->x86_model <= 13 && cfg->bootlog < 0)
|
|
|
|
|
cfg->bootlog = 0;
|
2012-07-19 12:28:46 -06:00
|
|
|
|
|
|
|
|
if (c->x86 == 6 && c->x86_model == 45)
|
|
|
|
|
quirk_no_way_out = quirk_sandybridge_ifu;
|
2009-04-27 10:37:43 -06:00
|
|
|
}
|
2012-10-15 11:59:18 -06:00
|
|
|
if (cfg->monarch_timeout < 0)
|
|
|
|
|
cfg->monarch_timeout = 0;
|
|
|
|
|
if (cfg->bootlog != 0)
|
2012-10-15 12:25:17 -06:00
|
|
|
cfg->panic_timeout = 30;
|
2009-08-17 02:19:00 -06:00
|
|
|
|
|
|
|
|
return 0;
|
2007-10-23 14:37:23 -06:00
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
x86: delete __cpuinit usage from all x86 files
The __cpuinit type of throwaway sections might have made sense
some time ago when RAM was more constrained, but now the savings
do not offset the cost and complications. For example, the fix in
commit 5e427ec2d0 ("x86: Fix bit corruption at CPU resume time")
is a good example of the nasty type of bugs that can be created
with improper use of the various __init prefixes.
After a discussion on LKML[1] it was decided that cpuinit should go
the way of devinit and be phased out. Once all the users are gone,
we can then finally remove the macros themselves from linux/init.h.
Note that some harmless section mismatch warnings may result, since
notify_cpu_starting() and cpu_up() are arch independent (kernel/cpu.c)
are flagged as __cpuinit -- so if we remove the __cpuinit from
arch specific callers, we will also get section mismatch warnings.
As an intermediate step, we intend to turn the linux/init.h cpuinit
content into no-ops as early as possible, since that will get rid
of these warnings. In any case, they are temporary and harmless.
This removes all the arch/x86 uses of the __cpuinit macros from
all C files. x86 only had the one __CPUINIT used in assembly files,
and it wasn't paired off with a .previous or a __FINIT, so we can
delete it directly w/o any corresponding additional change there.
[1] https://lkml.org/lkml/2013/5/20/589
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2013-06-18 16:23:59 -06:00
|
|
|
static int __mcheck_cpu_ancient_init(struct cpuinfo_x86 *c)
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
{
|
|
|
|
|
if (c->x86 != 5)
|
2011-06-07 19:58:35 -06:00
|
|
|
return 0;
|
|
|
|
|
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
switch (c->x86_vendor) {
|
|
|
|
|
case X86_VENDOR_INTEL:
|
2009-06-15 02:22:49 -06:00
|
|
|
intel_p5_mcheck_init(c);
|
2011-06-07 19:58:35 -06:00
|
|
|
return 1;
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
break;
|
|
|
|
|
case X86_VENDOR_CENTAUR:
|
|
|
|
|
winchip_mcheck_init(c);
|
2011-06-07 19:58:35 -06:00
|
|
|
return 1;
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
break;
|
2015-10-30 06:11:38 -06:00
|
|
|
default:
|
|
|
|
|
return 0;
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
}
|
2011-06-07 19:58:35 -06:00
|
|
|
|
|
|
|
|
return 0;
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
}
|
|
|
|
|
|
2017-03-15 11:30:55 -06:00
|
|
|
/*
|
|
|
|
|
* Init basic CPU features needed for early decoding of MCEs.
|
|
|
|
|
*/
|
|
|
|
|
static void __mcheck_cpu_init_early(struct cpuinfo_x86 *c)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2018-09-23 03:36:04 -06:00
|
|
|
if (c->x86_vendor == X86_VENDOR_AMD || c->x86_vendor == X86_VENDOR_HYGON) {
|
2016-05-11 06:58:27 -06:00
|
|
|
mce_flags.overflow_recov = !!cpu_has(c, X86_FEATURE_OVERFLOW_RECOV);
|
|
|
|
|
mce_flags.succor = !!cpu_has(c, X86_FEATURE_SUCCOR);
|
|
|
|
|
mce_flags.smca = !!cpu_has(c, X86_FEATURE_SMCA);
|
2016-04-30 06:33:55 -06:00
|
|
|
|
|
|
|
|
if (mce_flags.smca) {
|
|
|
|
|
msr_ops.ctl = smca_ctl_reg;
|
|
|
|
|
msr_ops.status = smca_status_reg;
|
|
|
|
|
msr_ops.addr = smca_addr_reg;
|
|
|
|
|
msr_ops.misc = smca_misc_reg;
|
|
|
|
|
}
|
2017-03-15 11:30:55 -06:00
|
|
|
}
|
|
|
|
|
}
|
2015-10-30 06:11:37 -06:00
|
|
|
|
2018-04-25 04:33:39 -06:00
|
|
|
static void mce_centaur_feature_init(struct cpuinfo_x86 *c)
|
|
|
|
|
{
|
|
|
|
|
struct mca_config *cfg = &mca_cfg;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* All newer Centaur CPUs support MCE broadcasting. Enable
|
|
|
|
|
* synchronization with a one second timeout.
|
|
|
|
|
*/
|
|
|
|
|
if ((c->x86 == 6 && c->x86_model == 0xf && c->x86_stepping >= 0xe) ||
|
|
|
|
|
c->x86 > 6) {
|
|
|
|
|
if (cfg->monarch_timeout < 0)
|
|
|
|
|
cfg->monarch_timeout = USEC_PER_SEC;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-15 11:30:55 -06:00
|
|
|
static void __mcheck_cpu_init_vendor(struct cpuinfo_x86 *c)
|
|
|
|
|
{
|
|
|
|
|
switch (c->x86_vendor) {
|
|
|
|
|
case X86_VENDOR_INTEL:
|
|
|
|
|
mce_intel_feature_init(c);
|
|
|
|
|
mce_adjust_timer = cmci_intel_adjust_timer;
|
|
|
|
|
break;
|
2015-10-30 06:11:37 -06:00
|
|
|
|
2017-03-15 11:30:55 -06:00
|
|
|
case X86_VENDOR_AMD: {
|
|
|
|
|
mce_amd_feature_init(c);
|
2005-11-05 09:25:53 -07:00
|
|
|
break;
|
2015-05-06 05:58:55 -06:00
|
|
|
}
|
2018-09-23 03:36:04 -06:00
|
|
|
|
|
|
|
|
case X86_VENDOR_HYGON:
|
|
|
|
|
mce_hygon_feature_init(c);
|
|
|
|
|
break;
|
|
|
|
|
|
2018-04-25 04:33:39 -06:00
|
|
|
case X86_VENDOR_CENTAUR:
|
|
|
|
|
mce_centaur_feature_init(c);
|
|
|
|
|
break;
|
2015-05-06 05:58:55 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-12 10:29:40 -06:00
|
|
|
static void __mcheck_cpu_clear_vendor(struct cpuinfo_x86 *c)
|
|
|
|
|
{
|
|
|
|
|
switch (c->x86_vendor) {
|
|
|
|
|
case X86_VENDOR_INTEL:
|
|
|
|
|
mce_intel_feature_clear(c);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-31 01:37:34 -07:00
|
|
|
static void mce_start_timer(struct timer_list *t)
|
2009-02-12 05:39:29 -07:00
|
|
|
{
|
2013-12-23 10:05:02 -07:00
|
|
|
unsigned long iv = check_interval * HZ;
|
2009-12-07 19:21:37 -07:00
|
|
|
|
2012-10-15 12:25:17 -06:00
|
|
|
if (mca_cfg.ignore_ce || !iv)
|
2009-06-11 01:06:07 -06:00
|
|
|
return;
|
|
|
|
|
|
2017-01-31 01:37:34 -07:00
|
|
|
this_cpu_write(mce_next_interval, iv);
|
|
|
|
|
__start_timer(t, iv);
|
2009-02-12 05:39:29 -07:00
|
|
|
}
|
|
|
|
|
|
2016-11-10 10:44:45 -07:00
|
|
|
static void __mcheck_cpu_setup_timer(void)
|
|
|
|
|
{
|
|
|
|
|
struct timer_list *t = this_cpu_ptr(&mce_timer);
|
|
|
|
|
|
2017-10-04 18:54:25 -06:00
|
|
|
timer_setup(t, mce_timer_fn, TIMER_PINNED);
|
2016-11-10 10:44:45 -07:00
|
|
|
}
|
|
|
|
|
|
2012-07-19 11:59:39 -06:00
|
|
|
static void __mcheck_cpu_init_timer(void)
|
|
|
|
|
{
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
struct timer_list *t = this_cpu_ptr(&mce_timer);
|
2012-07-19 11:59:39 -06:00
|
|
|
|
2017-10-04 18:54:25 -06:00
|
|
|
timer_setup(t, mce_timer_fn, TIMER_PINNED);
|
2017-01-31 01:37:34 -07:00
|
|
|
mce_start_timer(t);
|
2012-07-19 11:59:39 -06:00
|
|
|
}
|
|
|
|
|
|
2019-03-25 10:34:22 -06:00
|
|
|
bool filter_mce(struct mce *m)
|
|
|
|
|
{
|
2019-03-25 10:34:22 -06:00
|
|
|
if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
|
|
|
|
|
return amd_filter_mce(m);
|
|
|
|
|
|
2019-03-25 10:34:22 -06:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2009-07-08 16:31:42 -06:00
|
|
|
/* Handle unconfigured int18 (should never happen) */
|
|
|
|
|
static void unexpected_machine_check(struct pt_regs *regs, long error_code)
|
|
|
|
|
{
|
2012-05-21 20:50:07 -06:00
|
|
|
pr_err("CPU#%d: Unexpected int18 (Machine Check)\n",
|
2009-07-08 16:31:42 -06:00
|
|
|
smp_processor_id());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Call the installed machine check handler for this CPU setup. */
|
|
|
|
|
void (*machine_check_vector)(struct pt_regs *, long error_code) =
|
|
|
|
|
unexpected_machine_check;
|
|
|
|
|
|
2018-01-18 08:28:26 -07:00
|
|
|
dotraplinkage void do_mce(struct pt_regs *regs, long error_code)
|
|
|
|
|
{
|
|
|
|
|
machine_check_vector(regs, error_code);
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-23 14:37:23 -06:00
|
|
|
/*
|
2005-04-16 16:20:36 -06:00
|
|
|
* Called for each booted CPU to set up machine checks.
|
2009-04-08 04:31:17 -06:00
|
|
|
* Must be called with preempt off:
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
x86: delete __cpuinit usage from all x86 files
The __cpuinit type of throwaway sections might have made sense
some time ago when RAM was more constrained, but now the savings
do not offset the cost and complications. For example, the fix in
commit 5e427ec2d0 ("x86: Fix bit corruption at CPU resume time")
is a good example of the nasty type of bugs that can be created
with improper use of the various __init prefixes.
After a discussion on LKML[1] it was decided that cpuinit should go
the way of devinit and be phased out. Once all the users are gone,
we can then finally remove the macros themselves from linux/init.h.
Note that some harmless section mismatch warnings may result, since
notify_cpu_starting() and cpu_up() are arch independent (kernel/cpu.c)
are flagged as __cpuinit -- so if we remove the __cpuinit from
arch specific callers, we will also get section mismatch warnings.
As an intermediate step, we intend to turn the linux/init.h cpuinit
content into no-ops as early as possible, since that will get rid
of these warnings. In any case, they are temporary and harmless.
This removes all the arch/x86 uses of the __cpuinit macros from
all C files. x86 only had the one __CPUINIT used in assembly files,
and it wasn't paired off with a .previous or a __FINIT, so we can
delete it directly w/o any corresponding additional change there.
[1] https://lkml.org/lkml/2013/5/20/589
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2013-06-18 16:23:59 -06:00
|
|
|
void mcheck_cpu_init(struct cpuinfo_x86 *c)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2012-10-17 04:05:33 -06:00
|
|
|
if (mca_cfg.disabled)
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
return;
|
|
|
|
|
|
2011-06-07 19:58:35 -06:00
|
|
|
if (__mcheck_cpu_ancient_init(c))
|
|
|
|
|
return;
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
|
2009-02-12 05:39:30 -07:00
|
|
|
if (!mce_available(c))
|
2005-04-16 16:20:36 -06:00
|
|
|
return;
|
|
|
|
|
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
__mcheck_cpu_cap_init();
|
|
|
|
|
|
|
|
|
|
if (__mcheck_cpu_apply_quirks(c) < 0) {
|
2018-02-21 03:18:54 -07:00
|
|
|
mca_cfg.disabled = 1;
|
2009-02-17 15:07:13 -07:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-12 10:29:34 -06:00
|
|
|
if (mce_gen_pool_init()) {
|
2018-02-21 03:18:54 -07:00
|
|
|
mca_cfg.disabled = 1;
|
2015-08-12 10:29:34 -06:00
|
|
|
pr_emerg("Couldn't allocate MCE records pool!\n");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2009-04-27 11:25:48 -06:00
|
|
|
machine_check_vector = do_machine_check;
|
|
|
|
|
|
2017-03-15 11:30:55 -06:00
|
|
|
__mcheck_cpu_init_early(c);
|
2009-10-16 04:31:32 -06:00
|
|
|
__mcheck_cpu_init_generic();
|
|
|
|
|
__mcheck_cpu_init_vendor(c);
|
2016-04-30 06:33:53 -06:00
|
|
|
__mcheck_cpu_init_clear_banks();
|
2019-06-07 14:18:06 -06:00
|
|
|
__mcheck_cpu_check_banks();
|
2016-11-10 10:44:45 -07:00
|
|
|
__mcheck_cpu_setup_timer();
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2015-08-12 10:29:40 -06:00
|
|
|
/*
|
|
|
|
|
* Called for each booted CPU to clear some machine checks opt-ins
|
|
|
|
|
*/
|
|
|
|
|
void mcheck_cpu_clear(struct cpuinfo_x86 *c)
|
|
|
|
|
{
|
|
|
|
|
if (mca_cfg.disabled)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (!mce_available(c))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Possibly to clear general settings generic to x86
|
|
|
|
|
* __mcheck_cpu_clear_generic(c);
|
|
|
|
|
*/
|
|
|
|
|
__mcheck_cpu_clear_vendor(c);
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2013-07-01 09:38:47 -06:00
|
|
|
static void __mce_disable_bank(void *arg)
|
|
|
|
|
{
|
|
|
|
|
int bank = *((int *)arg);
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
__clear_bit(bank, this_cpu_ptr(mce_poll_banks));
|
2013-07-01 09:38:47 -06:00
|
|
|
cmci_disable_bank(bank);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void mce_disable_bank(int bank)
|
|
|
|
|
{
|
2019-06-07 14:18:05 -06:00
|
|
|
if (bank >= this_cpu_read(mce_num_banks)) {
|
2013-07-01 09:38:47 -06:00
|
|
|
pr_warn(FW_BUG
|
|
|
|
|
"Ignoring request to disable invalid MCA bank %d.\n",
|
|
|
|
|
bank);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
set_bit(bank, mce_banks_ce_disabled);
|
|
|
|
|
on_each_cpu(__mce_disable_bank, &bank, 1);
|
|
|
|
|
}
|
|
|
|
|
|
2009-03-26 02:39:20 -06:00
|
|
|
/*
|
2009-06-11 01:06:07 -06:00
|
|
|
* mce=off Disables machine check
|
|
|
|
|
* mce=no_cmci Disables CMCI
|
2015-06-04 10:55:23 -06:00
|
|
|
* mce=no_lmce Disables LMCE
|
2009-06-11 01:06:07 -06:00
|
|
|
* mce=dont_log_ce Clears corrected events silently, no log created for CEs.
|
|
|
|
|
* mce=ignore_ce Disables polling and CMCI, corrected events are not cleared.
|
2009-05-27 13:56:55 -06:00
|
|
|
* mce=TOLERANCELEVEL[,monarchtimeout] (number, see above)
|
|
|
|
|
* monarchtimeout is how long to wait for other CPUs on machine
|
|
|
|
|
* check, or 0 to not wait
|
2017-06-13 10:28:35 -06:00
|
|
|
* mce=bootlog Log MCEs from before booting. Disabled by default on AMD Fam10h
|
|
|
|
|
and older.
|
2009-03-26 02:39:20 -06:00
|
|
|
* mce=nobootlog Don't log MCEs from before booting.
|
2012-09-27 11:08:00 -06:00
|
|
|
* mce=bios_cmci_threshold Don't program the CMCI threshold
|
2016-09-01 12:39:33 -06:00
|
|
|
* mce=recovery force enable memcpy_mcsafe()
|
2009-03-26 02:39:20 -06:00
|
|
|
*/
|
2005-04-16 16:20:36 -06:00
|
|
|
static int __init mcheck_enable(char *str)
|
|
|
|
|
{
|
2012-10-15 10:03:57 -06:00
|
|
|
struct mca_config *cfg = &mca_cfg;
|
|
|
|
|
|
2009-07-28 15:55:09 -06:00
|
|
|
if (*str == 0) {
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
enable_p5_mce();
|
2009-07-28 15:55:09 -06:00
|
|
|
return 1;
|
|
|
|
|
}
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
if (*str == '=')
|
|
|
|
|
str++;
|
2005-04-16 16:20:36 -06:00
|
|
|
if (!strcmp(str, "off"))
|
2018-02-21 03:18:54 -07:00
|
|
|
cfg->disabled = 1;
|
2009-06-11 01:06:07 -06:00
|
|
|
else if (!strcmp(str, "no_cmci"))
|
2012-10-15 12:25:17 -06:00
|
|
|
cfg->cmci_disabled = true;
|
2015-06-04 10:55:23 -06:00
|
|
|
else if (!strcmp(str, "no_lmce"))
|
2018-02-21 03:18:54 -07:00
|
|
|
cfg->lmce_disabled = 1;
|
2009-06-11 01:06:07 -06:00
|
|
|
else if (!strcmp(str, "dont_log_ce"))
|
2012-10-15 10:03:57 -06:00
|
|
|
cfg->dont_log_ce = true;
|
2009-06-11 01:06:07 -06:00
|
|
|
else if (!strcmp(str, "ignore_ce"))
|
2012-10-15 12:25:17 -06:00
|
|
|
cfg->ignore_ce = true;
|
2009-03-26 02:39:20 -06:00
|
|
|
else if (!strcmp(str, "bootlog") || !strcmp(str, "nobootlog"))
|
2012-10-15 11:59:18 -06:00
|
|
|
cfg->bootlog = (str[0] == 'b');
|
2012-09-27 11:08:00 -06:00
|
|
|
else if (!strcmp(str, "bios_cmci_threshold"))
|
2018-02-21 03:18:54 -07:00
|
|
|
cfg->bios_cmci_threshold = 1;
|
2016-02-17 11:20:13 -07:00
|
|
|
else if (!strcmp(str, "recovery"))
|
2018-02-21 03:18:54 -07:00
|
|
|
cfg->recovery = 1;
|
2009-05-27 13:56:55 -06:00
|
|
|
else if (isdigit(str[0])) {
|
2015-05-26 02:28:21 -06:00
|
|
|
if (get_option(&str, &cfg->tolerant) == 2)
|
2012-10-15 11:59:18 -06:00
|
|
|
get_option(&str, &(cfg->monarch_timeout));
|
2009-05-27 13:56:55 -06:00
|
|
|
} else {
|
2012-05-21 20:50:07 -06:00
|
|
|
pr_info("mce argument %s ignored. Please use /sys\n", str);
|
2009-03-26 02:39:20 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
2006-03-31 03:30:33 -07:00
|
|
|
return 1;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
x86, mce: use 64bit machine check code on 32bit
The 64bit machine check code is in many ways much better than
the 32bit machine check code: it is more specification compliant,
is cleaner, only has a single code base versus one per CPU,
has better infrastructure for recovery, has a cleaner way to communicate
with user space etc. etc.
Use the 64bit code for 32bit too.
This is the second attempt to do this. There was one a couple of years
ago to unify this code for 32bit and 64bit. Back then this ran into some
trouble with K7s and was reverted.
I believe this time the K7 problems (and some others) are addressed.
I went over the old handlers and was very careful to retain
all quirks.
But of course this needs a lot of testing on old systems. On newer
64bit capable systems I don't expect much problems because they have been
already tested with the 64bit kernel.
I made this a CONFIG for now that still allows to select the old
machine check code. This is mostly to make testing easier,
if someone runs into a problem we can ask them to try
with the CONFIG switched.
The new code is default y for more coverage.
Once there is confidence the 64bit code works well on older hardware
too the CONFIG_X86_OLD_MCE and the associated code can be easily
removed.
This causes a behaviour change for 32bit installations. They now
have to install the mcelog package to be able to log
corrected machine checks.
The 64bit machine check code only handles CPUs which support the
standard Intel machine check architecture described in the IA32 SDM.
The 32bit code has special support for some older CPUs which
have non standard machine check architectures, in particular
WinChip C3 and Intel P5. I made those a separate CONFIG option
and kept them for now. The WinChip variant could be probably
removed without too much pain, it doesn't really do anything
interesting. P5 is also disabled by default (like it
was before) because many motherboards have it miswired, but
according to Alan Cox a few embedded setups use that one.
Forward ported/heavily changed version of old patch, original patch
included review/fixes from Thomas Gleixner, Bert Wesarg.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-04-28 11:07:31 -06:00
|
|
|
__setup("mce", mcheck_enable);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-11-09 18:38:24 -07:00
|
|
|
int __init mcheck_init(void)
|
2009-10-16 04:31:33 -06:00
|
|
|
{
|
2009-11-09 18:38:24 -07:00
|
|
|
mcheck_intel_therm_init();
|
2017-03-27 03:33:02 -06:00
|
|
|
mce_register_decode_chain(&first_nb);
|
2015-08-12 10:29:38 -06:00
|
|
|
mce_register_decode_chain(&mce_srao_nb);
|
2016-11-01 05:52:27 -06:00
|
|
|
mce_register_decode_chain(&mce_default_nb);
|
2015-03-23 09:42:53 -06:00
|
|
|
mcheck_vendor_init_severity();
|
2009-11-09 18:38:24 -07:00
|
|
|
|
2017-01-23 11:35:13 -07:00
|
|
|
INIT_WORK(&mce_work, mce_gen_pool_process);
|
2015-08-12 10:29:35 -06:00
|
|
|
init_irq_work(&mce_irq_work, mce_irq_work_cb);
|
|
|
|
|
|
2009-10-16 04:31:33 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-23 14:37:23 -06:00
|
|
|
/*
|
2011-06-07 20:02:03 -06:00
|
|
|
* mce_syscore: PM support
|
2007-10-23 14:37:23 -06:00
|
|
|
*/
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-02-12 05:39:32 -07:00
|
|
|
/*
|
|
|
|
|
* Disable machine checks on suspend and shutdown. We can't really handle
|
|
|
|
|
* them later.
|
|
|
|
|
*/
|
x86/mce: Don't clear shared banks on Intel when offlining CPUs
It is not safe to clear global MCi_CTL banks during CPU offline
or suspend/resume operations. These MSRs are either
thread-scoped (meaning private to a thread), or core-scoped
(private to threads in that core only), or with a socket scope:
visible and controllable from all threads in the socket.
When we offline a single CPU, clearing those MCi_CTL bits will
stop signaling for all the shared, i.e., socket-wide resources,
such as LLC, iMC, etc.
In addition, it might be possible to compromise the integrity of
an Intel Secure Guard eXtentions (SGX) system if the attacker
has control of the host system and is able to inject errors
which would be otherwise ignored when MCi_CTL bits are cleared.
Hence on SGX enabled systems, if MCi_CTL is cleared, SGX gets
disabled.
Tested-by: Serge Ayoun <serge.ayoun@intel.com>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
[ Cleanup text. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/1441391390-16985-1-git-send-email-ashok.raj@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-28 01:21:43 -06:00
|
|
|
static void mce_disable_error_reporting(void)
|
2009-02-12 05:39:32 -07:00
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
|
2009-02-12 05:39:32 -07:00
|
|
|
int i;
|
|
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
|
2009-07-08 16:31:43 -06:00
|
|
|
struct mce_bank *b = &mce_banks[i];
|
2009-09-23 09:49:55 -06:00
|
|
|
|
2009-07-08 16:31:43 -06:00
|
|
|
if (b->init)
|
2016-04-30 06:33:55 -06:00
|
|
|
wrmsrl(msr_ops.ctl(i), 0);
|
2009-04-27 10:37:43 -06:00
|
|
|
}
|
x86/mce: Don't clear shared banks on Intel when offlining CPUs
It is not safe to clear global MCi_CTL banks during CPU offline
or suspend/resume operations. These MSRs are either
thread-scoped (meaning private to a thread), or core-scoped
(private to threads in that core only), or with a socket scope:
visible and controllable from all threads in the socket.
When we offline a single CPU, clearing those MCi_CTL bits will
stop signaling for all the shared, i.e., socket-wide resources,
such as LLC, iMC, etc.
In addition, it might be possible to compromise the integrity of
an Intel Secure Guard eXtentions (SGX) system if the attacker
has control of the host system and is able to inject errors
which would be otherwise ignored when MCi_CTL bits are cleared.
Hence on SGX enabled systems, if MCi_CTL is cleared, SGX gets
disabled.
Tested-by: Serge Ayoun <serge.ayoun@intel.com>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
[ Cleanup text. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/1441391390-16985-1-git-send-email-ashok.raj@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-28 01:21:43 -06:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void vendor_disable_error_reporting(void)
|
|
|
|
|
{
|
|
|
|
|
/*
|
2018-09-23 03:36:04 -06:00
|
|
|
* Don't clear on Intel or AMD or Hygon CPUs. Some of these MSRs
|
|
|
|
|
* are socket-wide.
|
x86/mce: Don't clear shared banks on Intel when offlining CPUs
It is not safe to clear global MCi_CTL banks during CPU offline
or suspend/resume operations. These MSRs are either
thread-scoped (meaning private to a thread), or core-scoped
(private to threads in that core only), or with a socket scope:
visible and controllable from all threads in the socket.
When we offline a single CPU, clearing those MCi_CTL bits will
stop signaling for all the shared, i.e., socket-wide resources,
such as LLC, iMC, etc.
In addition, it might be possible to compromise the integrity of
an Intel Secure Guard eXtentions (SGX) system if the attacker
has control of the host system and is able to inject errors
which would be otherwise ignored when MCi_CTL bits are cleared.
Hence on SGX enabled systems, if MCi_CTL is cleared, SGX gets
disabled.
Tested-by: Serge Ayoun <serge.ayoun@intel.com>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
[ Cleanup text. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/1441391390-16985-1-git-send-email-ashok.raj@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-28 01:21:43 -06:00
|
|
|
* Disabling them for just a single offlined CPU is bad, since it will
|
|
|
|
|
* inhibit reporting for all shared resources on the socket like the
|
|
|
|
|
* last level cache (LLC), the integrated memory controller (iMC), etc.
|
|
|
|
|
*/
|
2017-06-13 10:28:34 -06:00
|
|
|
if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ||
|
2018-09-23 03:36:04 -06:00
|
|
|
boot_cpu_data.x86_vendor == X86_VENDOR_HYGON ||
|
2017-06-13 10:28:34 -06:00
|
|
|
boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
|
x86/mce: Don't clear shared banks on Intel when offlining CPUs
It is not safe to clear global MCi_CTL banks during CPU offline
or suspend/resume operations. These MSRs are either
thread-scoped (meaning private to a thread), or core-scoped
(private to threads in that core only), or with a socket scope:
visible and controllable from all threads in the socket.
When we offline a single CPU, clearing those MCi_CTL bits will
stop signaling for all the shared, i.e., socket-wide resources,
such as LLC, iMC, etc.
In addition, it might be possible to compromise the integrity of
an Intel Secure Guard eXtentions (SGX) system if the attacker
has control of the host system and is able to inject errors
which would be otherwise ignored when MCi_CTL bits are cleared.
Hence on SGX enabled systems, if MCi_CTL is cleared, SGX gets
disabled.
Tested-by: Serge Ayoun <serge.ayoun@intel.com>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
[ Cleanup text. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/1441391390-16985-1-git-send-email-ashok.raj@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-28 01:21:43 -06:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
mce_disable_error_reporting();
|
2009-02-12 05:39:32 -07:00
|
|
|
}
|
|
|
|
|
|
2011-06-07 20:02:03 -06:00
|
|
|
static int mce_syscore_suspend(void)
|
2009-02-12 05:39:32 -07:00
|
|
|
{
|
x86/mce: Don't clear shared banks on Intel when offlining CPUs
It is not safe to clear global MCi_CTL banks during CPU offline
or suspend/resume operations. These MSRs are either
thread-scoped (meaning private to a thread), or core-scoped
(private to threads in that core only), or with a socket scope:
visible and controllable from all threads in the socket.
When we offline a single CPU, clearing those MCi_CTL bits will
stop signaling for all the shared, i.e., socket-wide resources,
such as LLC, iMC, etc.
In addition, it might be possible to compromise the integrity of
an Intel Secure Guard eXtentions (SGX) system if the attacker
has control of the host system and is able to inject errors
which would be otherwise ignored when MCi_CTL bits are cleared.
Hence on SGX enabled systems, if MCi_CTL is cleared, SGX gets
disabled.
Tested-by: Serge Ayoun <serge.ayoun@intel.com>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
[ Cleanup text. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/1441391390-16985-1-git-send-email-ashok.raj@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-28 01:21:43 -06:00
|
|
|
vendor_disable_error_reporting();
|
|
|
|
|
return 0;
|
2009-02-12 05:39:32 -07:00
|
|
|
}
|
|
|
|
|
|
2011-06-07 20:02:03 -06:00
|
|
|
static void mce_syscore_shutdown(void)
|
2009-02-12 05:39:32 -07:00
|
|
|
{
|
x86/mce: Don't clear shared banks on Intel when offlining CPUs
It is not safe to clear global MCi_CTL banks during CPU offline
or suspend/resume operations. These MSRs are either
thread-scoped (meaning private to a thread), or core-scoped
(private to threads in that core only), or with a socket scope:
visible and controllable from all threads in the socket.
When we offline a single CPU, clearing those MCi_CTL bits will
stop signaling for all the shared, i.e., socket-wide resources,
such as LLC, iMC, etc.
In addition, it might be possible to compromise the integrity of
an Intel Secure Guard eXtentions (SGX) system if the attacker
has control of the host system and is able to inject errors
which would be otherwise ignored when MCi_CTL bits are cleared.
Hence on SGX enabled systems, if MCi_CTL is cleared, SGX gets
disabled.
Tested-by: Serge Ayoun <serge.ayoun@intel.com>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
[ Cleanup text. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/1441391390-16985-1-git-send-email-ashok.raj@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-28 01:21:43 -06:00
|
|
|
vendor_disable_error_reporting();
|
2009-02-12 05:39:32 -07:00
|
|
|
}
|
|
|
|
|
|
2009-04-08 04:31:17 -06:00
|
|
|
/*
|
|
|
|
|
* On resume clear all MCE state. Don't want to see leftovers from the BIOS.
|
|
|
|
|
* Only one CPU is active at this time, the others get re-added later using
|
|
|
|
|
* CPU hotplug:
|
|
|
|
|
*/
|
2011-06-07 20:02:03 -06:00
|
|
|
static void mce_syscore_resume(void)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2009-10-16 04:31:32 -06:00
|
|
|
__mcheck_cpu_init_generic();
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
__mcheck_cpu_init_vendor(raw_cpu_ptr(&cpu_info));
|
2016-04-30 06:33:53 -06:00
|
|
|
__mcheck_cpu_init_clear_banks();
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2011-03-23 15:15:54 -06:00
|
|
|
static struct syscore_ops mce_syscore_ops = {
|
2011-06-07 20:02:03 -06:00
|
|
|
.suspend = mce_syscore_suspend,
|
|
|
|
|
.shutdown = mce_syscore_shutdown,
|
|
|
|
|
.resume = mce_syscore_resume,
|
2011-03-23 15:15:54 -06:00
|
|
|
};
|
|
|
|
|
|
2011-06-07 20:02:03 -06:00
|
|
|
/*
|
2011-12-21 15:29:42 -07:00
|
|
|
* mce_device: Sysfs support
|
2011-06-07 20:02:03 -06:00
|
|
|
*/
|
|
|
|
|
|
2009-02-12 05:39:29 -07:00
|
|
|
static void mce_cpu_restart(void *data)
|
|
|
|
|
{
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
if (!mce_available(raw_cpu_ptr(&cpu_info)))
|
2009-06-15 02:18:45 -06:00
|
|
|
return;
|
2009-10-16 04:31:32 -06:00
|
|
|
__mcheck_cpu_init_generic();
|
2016-04-30 06:33:53 -06:00
|
|
|
__mcheck_cpu_init_clear_banks();
|
2009-10-16 04:31:32 -06:00
|
|
|
__mcheck_cpu_init_timer();
|
2009-02-12 05:39:29 -07:00
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
/* Reinit MCEs after user configuration changes */
|
2007-10-23 14:37:23 -06:00
|
|
|
static void mce_restart(void)
|
|
|
|
|
{
|
2011-06-17 02:40:36 -06:00
|
|
|
mce_timer_delete_all();
|
2009-02-12 05:39:29 -07:00
|
|
|
on_each_cpu(mce_cpu_restart, NULL, 1);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2009-06-15 02:21:36 -06:00
|
|
|
/* Toggle features for corrected errors */
|
2011-06-17 02:40:36 -06:00
|
|
|
static void mce_disable_cmci(void *data)
|
2009-06-15 02:21:36 -06:00
|
|
|
{
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
if (!mce_available(raw_cpu_ptr(&cpu_info)))
|
2009-06-15 02:21:36 -06:00
|
|
|
return;
|
|
|
|
|
cmci_clear();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void mce_enable_ce(void *all)
|
|
|
|
|
{
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
if (!mce_available(raw_cpu_ptr(&cpu_info)))
|
2009-06-15 02:21:36 -06:00
|
|
|
return;
|
|
|
|
|
cmci_reenable();
|
|
|
|
|
cmci_recheck();
|
|
|
|
|
if (all)
|
2009-10-16 04:31:32 -06:00
|
|
|
__mcheck_cpu_init_timer();
|
2009-06-15 02:21:36 -06:00
|
|
|
}
|
|
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static struct bus_type mce_subsys = {
|
2009-04-08 04:31:17 -06:00
|
|
|
.name = "machinecheck",
|
2011-12-21 15:29:42 -07:00
|
|
|
.dev_name = "machinecheck",
|
2005-04-16 16:20:36 -06:00
|
|
|
};
|
|
|
|
|
|
2012-01-26 16:49:14 -07:00
|
|
|
DEFINE_PER_CPU(struct device *, mce_device);
|
2009-04-08 04:31:17 -06:00
|
|
|
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
static inline struct mce_bank_dev *attr_to_bank(struct device_attribute *attr)
|
2009-07-08 16:31:43 -06:00
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
return container_of(attr, struct mce_bank_dev, attr);
|
2009-07-08 16:31:43 -06:00
|
|
|
}
|
2009-02-17 15:07:13 -07:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static ssize_t show_bank(struct device *s, struct device_attribute *attr,
|
2009-02-17 15:07:13 -07:00
|
|
|
char *buf)
|
|
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
u8 bank = attr_to_bank(attr)->bank;
|
|
|
|
|
struct mce_bank *b;
|
|
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
if (bank >= per_cpu(mce_num_banks, s->id))
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
b = &per_cpu(mce_banks_array, s->id)[bank];
|
|
|
|
|
|
2019-06-07 14:18:06 -06:00
|
|
|
if (!b->init)
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
return sprintf(buf, "%llx\n", b->ctl);
|
2009-02-17 15:07:13 -07:00
|
|
|
}
|
|
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static ssize_t set_bank(struct device *s, struct device_attribute *attr,
|
2009-04-14 02:26:30 -06:00
|
|
|
const char *buf, size_t size)
|
2009-02-17 15:07:13 -07:00
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
u8 bank = attr_to_bank(attr)->bank;
|
|
|
|
|
struct mce_bank *b;
|
2009-04-14 02:26:30 -06:00
|
|
|
u64 new;
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2014-08-08 15:24:03 -06:00
|
|
|
if (kstrtou64(buf, 0, &new) < 0)
|
2009-02-17 15:07:13 -07:00
|
|
|
return -EINVAL;
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
if (bank >= per_cpu(mce_num_banks, s->id))
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
b = &per_cpu(mce_banks_array, s->id)[bank];
|
|
|
|
|
|
2019-06-07 14:18:06 -06:00
|
|
|
if (!b->init)
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
b->ctl = new;
|
2009-02-17 15:07:13 -07:00
|
|
|
mce_restart();
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2009-04-14 02:26:30 -06:00
|
|
|
return size;
|
2009-02-17 15:07:13 -07:00
|
|
|
}
|
2007-02-13 05:26:23 -07:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static ssize_t set_ignore_ce(struct device *s,
|
|
|
|
|
struct device_attribute *attr,
|
2009-06-15 02:21:36 -06:00
|
|
|
const char *buf, size_t size)
|
|
|
|
|
{
|
|
|
|
|
u64 new;
|
|
|
|
|
|
2014-08-08 15:24:03 -06:00
|
|
|
if (kstrtou64(buf, 0, &new) < 0)
|
2009-06-15 02:21:36 -06:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2018-03-06 07:21:43 -07:00
|
|
|
mutex_lock(&mce_sysfs_mutex);
|
2012-10-15 12:25:17 -06:00
|
|
|
if (mca_cfg.ignore_ce ^ !!new) {
|
2009-06-15 02:21:36 -06:00
|
|
|
if (new) {
|
|
|
|
|
/* disable ce features */
|
2011-06-17 02:40:36 -06:00
|
|
|
mce_timer_delete_all();
|
|
|
|
|
on_each_cpu(mce_disable_cmci, NULL, 1);
|
2012-10-15 12:25:17 -06:00
|
|
|
mca_cfg.ignore_ce = true;
|
2009-06-15 02:21:36 -06:00
|
|
|
} else {
|
|
|
|
|
/* enable ce features */
|
2012-10-15 12:25:17 -06:00
|
|
|
mca_cfg.ignore_ce = false;
|
2009-06-15 02:21:36 -06:00
|
|
|
on_each_cpu(mce_enable_ce, (void *)1, 1);
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-03-06 07:21:43 -07:00
|
|
|
mutex_unlock(&mce_sysfs_mutex);
|
|
|
|
|
|
2009-06-15 02:21:36 -06:00
|
|
|
return size;
|
|
|
|
|
}
|
|
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static ssize_t set_cmci_disabled(struct device *s,
|
|
|
|
|
struct device_attribute *attr,
|
2009-06-15 02:21:36 -06:00
|
|
|
const char *buf, size_t size)
|
|
|
|
|
{
|
|
|
|
|
u64 new;
|
|
|
|
|
|
2014-08-08 15:24:03 -06:00
|
|
|
if (kstrtou64(buf, 0, &new) < 0)
|
2009-06-15 02:21:36 -06:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2018-03-06 07:21:43 -07:00
|
|
|
mutex_lock(&mce_sysfs_mutex);
|
2012-10-15 12:25:17 -06:00
|
|
|
if (mca_cfg.cmci_disabled ^ !!new) {
|
2009-06-15 02:21:36 -06:00
|
|
|
if (new) {
|
|
|
|
|
/* disable cmci */
|
2011-06-17 02:40:36 -06:00
|
|
|
on_each_cpu(mce_disable_cmci, NULL, 1);
|
2012-10-15 12:25:17 -06:00
|
|
|
mca_cfg.cmci_disabled = true;
|
2009-06-15 02:21:36 -06:00
|
|
|
} else {
|
|
|
|
|
/* enable cmci */
|
2012-10-15 12:25:17 -06:00
|
|
|
mca_cfg.cmci_disabled = false;
|
2009-06-15 02:21:36 -06:00
|
|
|
on_each_cpu(mce_enable_ce, NULL, 1);
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-03-06 07:21:43 -07:00
|
|
|
mutex_unlock(&mce_sysfs_mutex);
|
|
|
|
|
|
2009-06-15 02:21:36 -06:00
|
|
|
return size;
|
|
|
|
|
}
|
|
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static ssize_t store_int_with_restart(struct device *s,
|
|
|
|
|
struct device_attribute *attr,
|
2009-05-27 13:56:52 -06:00
|
|
|
const char *buf, size_t size)
|
|
|
|
|
{
|
2018-03-06 07:21:43 -07:00
|
|
|
unsigned long old_check_interval = check_interval;
|
|
|
|
|
ssize_t ret = device_store_ulong(s, attr, buf, size);
|
|
|
|
|
|
|
|
|
|
if (check_interval == old_check_interval)
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
mutex_lock(&mce_sysfs_mutex);
|
2009-05-27 13:56:52 -06:00
|
|
|
mce_restart();
|
2018-03-06 07:21:43 -07:00
|
|
|
mutex_unlock(&mce_sysfs_mutex);
|
|
|
|
|
|
2009-05-27 13:56:52 -06:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-15 10:03:57 -06:00
|
|
|
static DEVICE_INT_ATTR(tolerant, 0644, mca_cfg.tolerant);
|
2012-10-15 11:59:18 -06:00
|
|
|
static DEVICE_INT_ATTR(monarch_timeout, 0644, mca_cfg.monarch_timeout);
|
2012-10-15 10:03:57 -06:00
|
|
|
static DEVICE_BOOL_ATTR(dont_log_ce, 0644, mca_cfg.dont_log_ce);
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static struct dev_ext_attribute dev_attr_check_interval = {
|
|
|
|
|
__ATTR(check_interval, 0644, device_show_int, store_int_with_restart),
|
2009-05-27 13:56:52 -06:00
|
|
|
&check_interval
|
|
|
|
|
};
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static struct dev_ext_attribute dev_attr_ignore_ce = {
|
2012-10-15 12:25:17 -06:00
|
|
|
__ATTR(ignore_ce, 0644, device_show_bool, set_ignore_ce),
|
|
|
|
|
&mca_cfg.ignore_ce
|
2009-06-15 02:21:36 -06:00
|
|
|
};
|
|
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static struct dev_ext_attribute dev_attr_cmci_disabled = {
|
2012-10-15 12:25:17 -06:00
|
|
|
__ATTR(cmci_disabled, 0644, device_show_bool, set_cmci_disabled),
|
|
|
|
|
&mca_cfg.cmci_disabled
|
2009-06-15 02:21:36 -06:00
|
|
|
};
|
|
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static struct device_attribute *mce_device_attrs[] = {
|
|
|
|
|
&dev_attr_tolerant.attr,
|
|
|
|
|
&dev_attr_check_interval.attr,
|
2017-03-27 03:33:03 -06:00
|
|
|
#ifdef CONFIG_X86_MCELOG_LEGACY
|
2011-12-21 15:29:42 -07:00
|
|
|
&dev_attr_trigger,
|
2017-03-27 03:33:03 -06:00
|
|
|
#endif
|
2011-12-21 15:29:42 -07:00
|
|
|
&dev_attr_monarch_timeout.attr,
|
|
|
|
|
&dev_attr_dont_log_ce.attr,
|
|
|
|
|
&dev_attr_ignore_ce.attr,
|
|
|
|
|
&dev_attr_cmci_disabled.attr,
|
2007-02-13 05:26:23 -07:00
|
|
|
NULL
|
|
|
|
|
};
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
static cpumask_var_t mce_device_initialized;
|
2007-11-14 18:00:44 -07:00
|
|
|
|
2012-01-16 15:40:28 -07:00
|
|
|
static void mce_device_release(struct device *dev)
|
|
|
|
|
{
|
|
|
|
|
kfree(dev);
|
|
|
|
|
}
|
|
|
|
|
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
/* Per CPU device init. All of the CPUs still share the same bank device: */
|
x86: delete __cpuinit usage from all x86 files
The __cpuinit type of throwaway sections might have made sense
some time ago when RAM was more constrained, but now the savings
do not offset the cost and complications. For example, the fix in
commit 5e427ec2d0 ("x86: Fix bit corruption at CPU resume time")
is a good example of the nasty type of bugs that can be created
with improper use of the various __init prefixes.
After a discussion on LKML[1] it was decided that cpuinit should go
the way of devinit and be phased out. Once all the users are gone,
we can then finally remove the macros themselves from linux/init.h.
Note that some harmless section mismatch warnings may result, since
notify_cpu_starting() and cpu_up() are arch independent (kernel/cpu.c)
are flagged as __cpuinit -- so if we remove the __cpuinit from
arch specific callers, we will also get section mismatch warnings.
As an intermediate step, we intend to turn the linux/init.h cpuinit
content into no-ops as early as possible, since that will get rid
of these warnings. In any case, they are temporary and harmless.
This removes all the arch/x86 uses of the __cpuinit macros from
all C files. x86 only had the one __CPUINIT used in assembly files,
and it wasn't paired off with a .previous or a __FINIT, so we can
delete it directly w/o any corresponding additional change there.
[1] https://lkml.org/lkml/2013/5/20/589
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2013-06-18 16:23:59 -06:00
|
|
|
static int mce_device_create(unsigned int cpu)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2012-01-16 15:40:28 -07:00
|
|
|
struct device *dev;
|
2005-04-16 16:20:36 -06:00
|
|
|
int err;
|
2009-06-17 23:53:24 -06:00
|
|
|
int i, j;
|
2007-10-19 12:35:04 -06:00
|
|
|
|
2007-11-06 18:12:58 -07:00
|
|
|
if (!mce_available(&boot_cpu_data))
|
2005-07-28 22:15:39 -06:00
|
|
|
return -EIO;
|
|
|
|
|
|
2016-11-10 10:44:43 -07:00
|
|
|
dev = per_cpu(mce_device, cpu);
|
|
|
|
|
if (dev)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2018-10-28 06:58:28 -06:00
|
|
|
dev = kzalloc(sizeof(*dev), GFP_KERNEL);
|
2012-01-16 15:40:28 -07:00
|
|
|
if (!dev)
|
|
|
|
|
return -ENOMEM;
|
2011-12-21 15:29:42 -07:00
|
|
|
dev->id = cpu;
|
|
|
|
|
dev->bus = &mce_subsys;
|
2012-01-16 15:40:28 -07:00
|
|
|
dev->release = &mce_device_release;
|
2005-07-28 22:15:39 -06:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
err = device_register(dev);
|
2013-11-29 13:28:48 -07:00
|
|
|
if (err) {
|
|
|
|
|
put_device(dev);
|
2007-10-18 04:05:15 -06:00
|
|
|
return err;
|
2013-11-29 13:28:48 -07:00
|
|
|
}
|
2007-10-18 04:05:15 -06:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
for (i = 0; mce_device_attrs[i]; i++) {
|
|
|
|
|
err = device_create_file(dev, mce_device_attrs[i]);
|
2007-10-18 04:05:15 -06:00
|
|
|
if (err)
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2019-06-07 14:18:05 -06:00
|
|
|
for (j = 0; j < per_cpu(mce_num_banks, cpu); j++) {
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
err = device_create_file(dev, &mce_bank_devs[j].attr);
|
2009-02-17 15:07:13 -07:00
|
|
|
if (err)
|
|
|
|
|
goto error2;
|
|
|
|
|
}
|
2011-12-21 15:29:42 -07:00
|
|
|
cpumask_set_cpu(cpu, mce_device_initialized);
|
2012-01-26 16:49:14 -07:00
|
|
|
per_cpu(mce_device, cpu) = dev;
|
2005-07-28 22:15:39 -06:00
|
|
|
|
2007-10-18 04:05:15 -06:00
|
|
|
return 0;
|
2009-02-17 15:07:13 -07:00
|
|
|
error2:
|
2009-06-17 23:53:24 -06:00
|
|
|
while (--j >= 0)
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
device_remove_file(dev, &mce_bank_devs[j].attr);
|
2007-10-18 04:05:15 -06:00
|
|
|
error:
|
2009-04-08 04:31:17 -06:00
|
|
|
while (--i >= 0)
|
2011-12-21 15:29:42 -07:00
|
|
|
device_remove_file(dev, mce_device_attrs[i]);
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
device_unregister(dev);
|
2007-10-18 04:05:15 -06:00
|
|
|
|
2005-07-28 22:15:39 -06:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
x86: delete __cpuinit usage from all x86 files
The __cpuinit type of throwaway sections might have made sense
some time ago when RAM was more constrained, but now the savings
do not offset the cost and complications. For example, the fix in
commit 5e427ec2d0 ("x86: Fix bit corruption at CPU resume time")
is a good example of the nasty type of bugs that can be created
with improper use of the various __init prefixes.
After a discussion on LKML[1] it was decided that cpuinit should go
the way of devinit and be phased out. Once all the users are gone,
we can then finally remove the macros themselves from linux/init.h.
Note that some harmless section mismatch warnings may result, since
notify_cpu_starting() and cpu_up() are arch independent (kernel/cpu.c)
are flagged as __cpuinit -- so if we remove the __cpuinit from
arch specific callers, we will also get section mismatch warnings.
As an intermediate step, we intend to turn the linux/init.h cpuinit
content into no-ops as early as possible, since that will get rid
of these warnings. In any case, they are temporary and harmless.
This removes all the arch/x86 uses of the __cpuinit macros from
all C files. x86 only had the one __CPUINIT used in assembly files,
and it wasn't paired off with a .previous or a __FINIT, so we can
delete it directly w/o any corresponding additional change there.
[1] https://lkml.org/lkml/2013/5/20/589
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2013-06-18 16:23:59 -06:00
|
|
|
static void mce_device_remove(unsigned int cpu)
|
2005-07-28 22:15:39 -06:00
|
|
|
{
|
2012-01-26 16:49:14 -07:00
|
|
|
struct device *dev = per_cpu(mce_device, cpu);
|
2006-01-11 14:43:06 -07:00
|
|
|
int i;
|
|
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
if (!cpumask_test_cpu(cpu, mce_device_initialized))
|
2007-11-14 18:00:44 -07:00
|
|
|
return;
|
|
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
for (i = 0; mce_device_attrs[i]; i++)
|
|
|
|
|
device_remove_file(dev, mce_device_attrs[i]);
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2019-06-07 14:18:05 -06:00
|
|
|
for (i = 0; i < per_cpu(mce_num_banks, cpu); i++)
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
device_remove_file(dev, &mce_bank_devs[i].attr);
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
device_unregister(dev);
|
|
|
|
|
cpumask_clear_cpu(cpu, mce_device_initialized);
|
2012-01-26 16:49:14 -07:00
|
|
|
per_cpu(mce_device, cpu) = NULL;
|
2005-07-28 22:15:39 -06:00
|
|
|
}
|
|
|
|
|
|
2009-02-12 05:39:31 -07:00
|
|
|
/* Make sure there are no machine checks on offlined CPUs. */
|
2016-11-10 10:44:45 -07:00
|
|
|
static void mce_disable_cpu(void)
|
2009-02-12 05:39:31 -07:00
|
|
|
{
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
if (!mce_available(raw_cpu_ptr(&cpu_info)))
|
2009-02-12 05:39:31 -07:00
|
|
|
return;
|
2009-11-26 01:29:02 -07:00
|
|
|
|
2016-11-10 10:44:45 -07:00
|
|
|
if (!cpuhp_tasks_frozen)
|
2009-02-12 05:49:36 -07:00
|
|
|
cmci_clear();
|
2009-09-23 09:49:55 -06:00
|
|
|
|
x86/mce: Don't clear shared banks on Intel when offlining CPUs
It is not safe to clear global MCi_CTL banks during CPU offline
or suspend/resume operations. These MSRs are either
thread-scoped (meaning private to a thread), or core-scoped
(private to threads in that core only), or with a socket scope:
visible and controllable from all threads in the socket.
When we offline a single CPU, clearing those MCi_CTL bits will
stop signaling for all the shared, i.e., socket-wide resources,
such as LLC, iMC, etc.
In addition, it might be possible to compromise the integrity of
an Intel Secure Guard eXtentions (SGX) system if the attacker
has control of the host system and is able to inject errors
which would be otherwise ignored when MCi_CTL bits are cleared.
Hence on SGX enabled systems, if MCi_CTL is cleared, SGX gets
disabled.
Tested-by: Serge Ayoun <serge.ayoun@intel.com>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
[ Cleanup text. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/1441391390-16985-1-git-send-email-ashok.raj@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-28 01:21:43 -06:00
|
|
|
vendor_disable_error_reporting();
|
2009-02-12 05:39:31 -07:00
|
|
|
}
|
|
|
|
|
|
2016-11-10 10:44:45 -07:00
|
|
|
static void mce_reenable_cpu(void)
|
2009-02-12 05:39:31 -07:00
|
|
|
{
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
struct mce_bank *mce_banks = this_cpu_ptr(mce_banks_array);
|
2009-04-08 04:31:17 -06:00
|
|
|
int i;
|
2009-02-12 05:39:31 -07:00
|
|
|
|
x86: Replace __get_cpu_var uses
__get_cpu_var() is used for multiple purposes in the kernel source. One of
them is address calculation via the form &__get_cpu_var(x). This calculates
the address for the instance of the percpu variable of the current processor
based on an offset.
Other use cases are for storing and retrieving data from the current
processors percpu area. __get_cpu_var() can be used as an lvalue when
writing data or on the right side of an assignment.
__get_cpu_var() is defined as :
#define __get_cpu_var(var) (*this_cpu_ptr(&(var)))
__get_cpu_var() always only does an address determination. However, store
and retrieve operations could use a segment prefix (or global register on
other platforms) to avoid the address calculation.
this_cpu_write() and this_cpu_read() can directly take an offset into a
percpu area and use optimized assembly code to read and write per cpu
variables.
This patch converts __get_cpu_var into either an explicit address
calculation using this_cpu_ptr() or into a use of this_cpu operations that
use the offset. Thereby address calculations are avoided and less registers
are used when code is generated.
Transformations done to __get_cpu_var()
1. Determine the address of the percpu instance of the current processor.
DEFINE_PER_CPU(int, y);
int *x = &__get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(&y);
2. Same as #1 but this time an array structure is involved.
DEFINE_PER_CPU(int, y[20]);
int *x = __get_cpu_var(y);
Converts to
int *x = this_cpu_ptr(y);
3. Retrieve the content of the current processors instance of a per cpu
variable.
DEFINE_PER_CPU(int, y);
int x = __get_cpu_var(y)
Converts to
int x = __this_cpu_read(y);
4. Retrieve the content of a percpu struct
DEFINE_PER_CPU(struct mystruct, y);
struct mystruct x = __get_cpu_var(y);
Converts to
memcpy(&x, this_cpu_ptr(&y), sizeof(x));
5. Assignment to a per cpu variable
DEFINE_PER_CPU(int, y)
__get_cpu_var(y) = x;
Converts to
__this_cpu_write(y, x);
6. Increment/Decrement etc of a per cpu variable
DEFINE_PER_CPU(int, y);
__get_cpu_var(y)++
Converts to
__this_cpu_inc(y)
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2014-08-17 11:30:40 -06:00
|
|
|
if (!mce_available(raw_cpu_ptr(&cpu_info)))
|
2009-02-12 05:39:31 -07:00
|
|
|
return;
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2016-11-10 10:44:45 -07:00
|
|
|
if (!cpuhp_tasks_frozen)
|
2009-02-12 05:49:36 -07:00
|
|
|
cmci_reenable();
|
2019-06-07 14:18:05 -06:00
|
|
|
for (i = 0; i < this_cpu_read(mce_num_banks); i++) {
|
2009-07-08 16:31:43 -06:00
|
|
|
struct mce_bank *b = &mce_banks[i];
|
2009-09-23 09:49:55 -06:00
|
|
|
|
2009-07-08 16:31:43 -06:00
|
|
|
if (b->init)
|
2016-04-30 06:33:55 -06:00
|
|
|
wrmsrl(msr_ops.ctl(i), b->ctl);
|
2009-04-27 10:37:43 -06:00
|
|
|
}
|
2009-02-12 05:39:31 -07:00
|
|
|
}
|
|
|
|
|
|
2016-11-10 10:44:47 -07:00
|
|
|
static int mce_cpu_dead(unsigned int cpu)
|
2005-07-28 22:15:39 -06:00
|
|
|
{
|
2016-11-10 10:44:47 -07:00
|
|
|
mce_intel_hcpu_update(cpu);
|
2005-07-28 22:15:39 -06:00
|
|
|
|
2016-11-10 10:44:47 -07:00
|
|
|
/* intentionally ignoring frozen here */
|
|
|
|
|
if (!cpuhp_tasks_frozen)
|
|
|
|
|
cmci_rediscover();
|
|
|
|
|
return 0;
|
2005-07-28 22:15:39 -06:00
|
|
|
}
|
|
|
|
|
|
2016-11-10 10:44:46 -07:00
|
|
|
static int mce_cpu_online(unsigned int cpu)
|
2005-07-28 22:15:39 -06:00
|
|
|
{
|
2017-01-31 01:37:34 -07:00
|
|
|
struct timer_list *t = this_cpu_ptr(&mce_timer);
|
2016-11-10 10:44:46 -07:00
|
|
|
int ret;
|
2005-07-28 22:15:39 -06:00
|
|
|
|
2016-11-10 10:44:46 -07:00
|
|
|
mce_device_create(cpu);
|
2014-05-22 08:40:54 -06:00
|
|
|
|
2016-11-10 10:44:46 -07:00
|
|
|
ret = mce_threshold_create_device(cpu);
|
|
|
|
|
if (ret) {
|
|
|
|
|
mce_device_remove(cpu);
|
|
|
|
|
return ret;
|
2012-07-19 11:59:40 -06:00
|
|
|
}
|
2016-11-10 10:44:46 -07:00
|
|
|
mce_reenable_cpu();
|
2017-01-31 01:37:34 -07:00
|
|
|
mce_start_timer(t);
|
2016-11-10 10:44:46 -07:00
|
|
|
return 0;
|
2005-07-28 22:15:39 -06:00
|
|
|
}
|
|
|
|
|
|
2016-11-10 10:44:46 -07:00
|
|
|
static int mce_cpu_pre_down(unsigned int cpu)
|
|
|
|
|
{
|
2017-01-31 01:37:34 -07:00
|
|
|
struct timer_list *t = this_cpu_ptr(&mce_timer);
|
2016-11-10 10:44:46 -07:00
|
|
|
|
|
|
|
|
mce_disable_cpu();
|
|
|
|
|
del_timer_sync(t);
|
|
|
|
|
mce_threshold_remove_device(cpu);
|
|
|
|
|
mce_device_remove(cpu);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2005-07-28 22:15:39 -06:00
|
|
|
|
2009-07-08 16:31:43 -06:00
|
|
|
static __init void mce_init_banks(void)
|
2009-02-17 15:07:13 -07:00
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
for (i = 0; i < MAX_NR_BANKS; i++) {
|
|
|
|
|
struct mce_bank_dev *b = &mce_bank_devs[i];
|
2011-12-21 15:29:42 -07:00
|
|
|
struct device_attribute *a = &b->attr;
|
2009-04-08 04:31:17 -06:00
|
|
|
|
x86/MCE: Make mce_banks a per-CPU array
Current AMD systems have unique MCA banks per logical CPU even though
the type of the banks may all align to the same bank number. Each CPU
will have control of a set of MCA banks in the hardware and these are
not shared with other CPUs.
For example, bank 0 may be the Load-Store Unit on every logical CPU, but
each bank 0 is a unique structure in the hardware. In other words, there
isn't a *single* Load-Store Unit at MCA bank 0 that all logical CPUs
share.
This idea extends even to non-core MCA banks. For example, CPU0 and CPU4
may see a Unified Memory Controller at bank 15, but each CPU is actually
seeing a unique hardware structure that is not shared with other CPUs.
Because the MCA banks are all unique hardware structures, it would be
good to control them in a more granular way. For example, if there is a
known issue with the Floating Point Unit on CPU5 and a user wishes to
disable an error type on the Floating Point Unit, then it would be good
to do this only for CPU5 rather than all CPUs.
Also, future AMD systems may have heterogeneous MCA banks. Meaning
the bank numbers may not necessarily represent the same types between
CPUs. For example, bank 20 visible to CPU0 may be a Unified Memory
Controller and bank 20 visible to CPU4 may be a Coherent Slave. So
granular control will be even more necessary should the user wish to
control specific MCA banks.
Split the device attributes from struct mce_bank leaving only the MCA
bank control fields.
Make struct mce_banks[] per_cpu in order to have more granular control
over individual MCA banks in the hardware.
Allocate the device attributes statically based on the maximum number of
MCA banks supported. The sysfs interface will use as many as needed per
CPU. Currently, this is set to mca_cfg.banks, but will be changed to a
per_cpu bank count in a future patch.
Allocate the MCA control bits statically. This is in order to avoid
locking warnings when memory is allocated during secondary CPUs' init
sequences.
Also, remove the now unnecessary return values from
__mcheck_cpu_mce_banks_init() and __mcheck_cpu_cap_init().
Redo the sysfs store/show functions to handle the per_cpu mce_banks[].
[ bp: s/mce_banks_percpu/mce_banks_array/g ]
[ Locking issue reported by ]
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190607201752.221446-3-Yazen.Ghannam@amd.com
2019-06-07 14:18:04 -06:00
|
|
|
b->bank = i;
|
|
|
|
|
|
2010-02-11 16:23:05 -07:00
|
|
|
sysfs_attr_init(&a->attr);
|
2009-07-08 16:31:43 -06:00
|
|
|
a->attr.name = b->attrname;
|
|
|
|
|
snprintf(b->attrname, ATTR_LEN, "bank%d", i);
|
2009-04-08 04:31:17 -06:00
|
|
|
|
|
|
|
|
a->attr.mode = 0644;
|
|
|
|
|
a->show = show_bank;
|
|
|
|
|
a->store = set_bank;
|
2009-02-17 15:07:13 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-16 04:31:32 -06:00
|
|
|
static __init int mcheck_init_device(void)
|
2005-07-28 22:15:39 -06:00
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2018-02-14 04:16:53 -07:00
|
|
|
/*
|
|
|
|
|
* Check if we have a spare virtual bit. This will only become
|
|
|
|
|
* a problem if/when we move beyond 5-level page tables.
|
|
|
|
|
*/
|
|
|
|
|
MAYBE_BUILD_BUG_ON(__VIRTUAL_MASK_SHIFT >= 63);
|
|
|
|
|
|
2014-05-28 01:12:37 -06:00
|
|
|
if (!mce_available(&boot_cpu_data)) {
|
|
|
|
|
err = -EIO;
|
|
|
|
|
goto err_out;
|
|
|
|
|
}
|
2009-02-17 15:07:13 -07:00
|
|
|
|
2014-05-28 01:12:37 -06:00
|
|
|
if (!zalloc_cpumask_var(&mce_device_initialized, GFP_KERNEL)) {
|
|
|
|
|
err = -ENOMEM;
|
|
|
|
|
goto err_out;
|
|
|
|
|
}
|
2009-03-12 22:19:51 -06:00
|
|
|
|
2009-07-08 16:31:43 -06:00
|
|
|
mce_init_banks();
|
2009-02-17 15:07:13 -07:00
|
|
|
|
2011-12-21 15:29:42 -07:00
|
|
|
err = subsys_system_register(&mce_subsys, NULL);
|
2007-10-18 04:05:15 -06:00
|
|
|
if (err)
|
2014-05-28 01:12:37 -06:00
|
|
|
goto err_out_mem;
|
2005-07-28 22:15:39 -06:00
|
|
|
|
2016-11-10 10:44:47 -07:00
|
|
|
err = cpuhp_setup_state(CPUHP_X86_MCE_DEAD, "x86/mce:dead", NULL,
|
|
|
|
|
mce_cpu_dead);
|
|
|
|
|
if (err)
|
|
|
|
|
goto err_out_mem;
|
2005-07-28 22:15:39 -06:00
|
|
|
|
2016-11-10 10:44:46 -07:00
|
|
|
err = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/mce:online",
|
|
|
|
|
mce_cpu_online, mce_cpu_pre_down);
|
|
|
|
|
if (err < 0)
|
2016-11-10 10:44:47 -07:00
|
|
|
goto err_out_online;
|
2011-06-07 20:00:45 -06:00
|
|
|
|
2014-05-28 01:12:37 -06:00
|
|
|
register_syscore_ops(&mce_syscore_ops);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
2016-11-10 10:44:47 -07:00
|
|
|
err_out_online:
|
|
|
|
|
cpuhp_remove_state(CPUHP_X86_MCE_DEAD);
|
2014-05-28 01:12:37 -06:00
|
|
|
|
|
|
|
|
err_out_mem:
|
|
|
|
|
free_cpumask_var(mce_device_initialized);
|
|
|
|
|
|
|
|
|
|
err_out:
|
2017-03-27 03:33:03 -06:00
|
|
|
pr_err("Unable to init MCE device (rc: %d)\n", err);
|
2009-04-08 04:31:17 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
return err;
|
|
|
|
|
}
|
2012-06-07 05:56:51 -06:00
|
|
|
device_initcall_sync(mcheck_init_device);
|
2009-04-08 04:31:25 -06:00
|
|
|
|
2009-04-28 15:07:25 -06:00
|
|
|
/*
|
|
|
|
|
* Old style boot options parsing. Only for compatibility.
|
|
|
|
|
*/
|
|
|
|
|
static int __init mcheck_disable(char *str)
|
|
|
|
|
{
|
2018-02-21 03:18:54 -07:00
|
|
|
mca_cfg.disabled = 1;
|
2009-04-28 15:07:25 -06:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
__setup("nomce", mcheck_disable);
|
2009-04-08 04:31:25 -06:00
|
|
|
|
2009-07-30 19:41:42 -06:00
|
|
|
#ifdef CONFIG_DEBUG_FS
|
|
|
|
|
struct dentry *mce_get_debugfs_dir(void)
|
2009-04-08 04:31:25 -06:00
|
|
|
{
|
2009-07-30 19:41:42 -06:00
|
|
|
static struct dentry *dmce;
|
2009-04-08 04:31:25 -06:00
|
|
|
|
2009-07-30 19:41:42 -06:00
|
|
|
if (!dmce)
|
|
|
|
|
dmce = debugfs_create_dir("mce", NULL);
|
2009-04-08 04:31:25 -06:00
|
|
|
|
2009-07-30 19:41:42 -06:00
|
|
|
return dmce;
|
|
|
|
|
}
|
2009-04-08 04:31:25 -06:00
|
|
|
|
2009-07-30 19:41:43 -06:00
|
|
|
static void mce_reset(void)
|
|
|
|
|
{
|
|
|
|
|
cpu_missing = 0;
|
2014-12-03 14:36:45 -07:00
|
|
|
atomic_set(&mce_fake_panicked, 0);
|
2009-07-30 19:41:43 -06:00
|
|
|
atomic_set(&mce_executing, 0);
|
|
|
|
|
atomic_set(&mce_callin, 0);
|
|
|
|
|
atomic_set(&global_nwo, 0);
|
|
|
|
|
}
|
2009-04-08 04:31:25 -06:00
|
|
|
|
2009-07-30 19:41:43 -06:00
|
|
|
static int fake_panic_get(void *data, u64 *val)
|
|
|
|
|
{
|
|
|
|
|
*val = fake_panic;
|
|
|
|
|
return 0;
|
2009-04-08 04:31:25 -06:00
|
|
|
}
|
|
|
|
|
|
2009-07-30 19:41:43 -06:00
|
|
|
static int fake_panic_set(void *data, u64 val)
|
2009-04-08 04:31:25 -06:00
|
|
|
{
|
2009-07-30 19:41:43 -06:00
|
|
|
mce_reset();
|
|
|
|
|
fake_panic = val;
|
|
|
|
|
return 0;
|
2009-04-08 04:31:25 -06:00
|
|
|
}
|
|
|
|
|
|
2018-12-28 00:24:13 -07:00
|
|
|
DEFINE_DEBUGFS_ATTRIBUTE(fake_panic_fops, fake_panic_get, fake_panic_set,
|
|
|
|
|
"%llu\n");
|
2009-04-28 15:07:25 -06:00
|
|
|
|
2019-06-12 09:15:31 -06:00
|
|
|
static void __init mcheck_debugfs_init(void)
|
2009-04-28 15:07:25 -06:00
|
|
|
{
|
2019-06-12 09:15:31 -06:00
|
|
|
struct dentry *dmce;
|
2009-07-30 19:41:43 -06:00
|
|
|
|
|
|
|
|
dmce = mce_get_debugfs_dir();
|
2019-06-12 09:15:31 -06:00
|
|
|
debugfs_create_file_unsafe("fake_panic", 0444, dmce, NULL,
|
|
|
|
|
&fake_panic_fops);
|
2009-04-28 15:07:25 -06:00
|
|
|
}
|
2015-08-12 10:29:36 -06:00
|
|
|
#else
|
2019-06-12 09:15:31 -06:00
|
|
|
static void __init mcheck_debugfs_init(void) { }
|
2009-07-30 19:41:42 -06:00
|
|
|
#endif
|
2015-08-12 10:29:36 -06:00
|
|
|
|
2016-09-01 12:39:33 -06:00
|
|
|
DEFINE_STATIC_KEY_FALSE(mcsafe_key);
|
|
|
|
|
EXPORT_SYMBOL_GPL(mcsafe_key);
|
|
|
|
|
|
2015-08-12 10:29:36 -06:00
|
|
|
static int __init mcheck_late_init(void)
|
|
|
|
|
{
|
2016-09-01 12:39:33 -06:00
|
|
|
if (mca_cfg.recovery)
|
|
|
|
|
static_branch_inc(&mcsafe_key);
|
|
|
|
|
|
2015-08-12 10:29:36 -06:00
|
|
|
mcheck_debugfs_init();
|
2017-03-27 03:33:02 -06:00
|
|
|
cec_init();
|
2015-08-12 10:29:36 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Flush out everything that has been logged during early boot, now that
|
|
|
|
|
* everything has been initialized (workqueues, decoders, ...).
|
|
|
|
|
*/
|
|
|
|
|
mce_schedule_work();
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
late_initcall(mcheck_late_init);
|