2 * Machine check handler.
4 * K8 parts Copyright 2002,2003 Andi Kleen, SuSE Labs.
5 * Rest from unknown author(s).
6 * 2004 Andi Kleen. Rewrote most of it.
7 * Copyright 2008 Intel Corporation
11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 #include <linux/thread_info.h>
14 #include <linux/capability.h>
15 #include <linux/miscdevice.h>
16 #include <linux/ratelimit.h>
17 #include <linux/rcupdate.h>
18 #include <linux/kobject.h>
19 #include <linux/uaccess.h>
20 #include <linux/kdebug.h>
21 #include <linux/kernel.h>
22 #include <linux/percpu.h>
23 #include <linux/string.h>
24 #include <linux/device.h>
25 #include <linux/syscore_ops.h>
26 #include <linux/delay.h>
27 #include <linux/ctype.h>
28 #include <linux/sched.h>
29 #include <linux/sysfs.h>
30 #include <linux/types.h>
31 #include <linux/slab.h>
32 #include <linux/init.h>
33 #include <linux/kmod.h>
34 #include <linux/poll.h>
35 #include <linux/nmi.h>
36 #include <linux/cpu.h>
37 #include <linux/ras.h>
38 #include <linux/smp.h>
41 #include <linux/debugfs.h>
42 #include <linux/irq_work.h>
43 #include <linux/export.h>
44 #include <linux/jump_label.h>
46 #include <asm/intel-family.h>
47 #include <asm/processor.h>
48 #include <asm/traps.h>
49 #include <asm/tlbflush.h>
52 #include <asm/reboot.h>
53 #include <asm/set_memory.h>
55 #include "mce-internal.h"
57 static DEFINE_MUTEX(mce_log_mutex);
59 /* sysfs synchronization */
60 static DEFINE_MUTEX(mce_sysfs_mutex);
62 #define CREATE_TRACE_POINTS
63 #include <trace/events/mce.h>
65 #define SPINUNIT 100 /* 100ns */
67 DEFINE_PER_CPU(unsigned, mce_exception_count);
69 struct mce_bank *mce_banks __read_mostly;
70 struct mce_vendor_flags mce_flags __read_mostly;
72 struct mca_config mca_cfg __read_mostly = {
76 * 0: always panic on uncorrected errors, log corrected errors
77 * 1: panic or SIGBUS on uncorrected errors, log corrected errors
78 * 2: SIGBUS or log uncorrected errors (if possible), log corr. errors
79 * 3: never panic or SIGBUS, log all errors (for testing only)
85 static DEFINE_PER_CPU(struct mce, mces_seen);
86 static unsigned long mce_need_notify;
87 static int cpu_missing;
90 * MCA banks polled by the period polling timer for corrected events.
91 * With Intel CMCI, this only has MCA banks which do not support CMCI (if any).
93 DEFINE_PER_CPU(mce_banks_t, mce_poll_banks) = {
94 [0 ... BITS_TO_LONGS(MAX_NR_BANKS)-1] = ~0UL
98 * MCA banks controlled through firmware first for corrected errors.
99 * This is a global list of banks for which we won't enable CMCI and we
100 * won't poll. Firmware controls these banks and is responsible for
101 * reporting corrected errors through GHES. Uncorrected/recoverable
102 * errors are still notified through a machine check.
104 mce_banks_t mce_banks_ce_disabled;
106 static struct work_struct mce_work;
107 static struct irq_work mce_irq_work;
109 static void (*quirk_no_way_out)(int bank, struct mce *m, struct pt_regs *regs);
111 #ifndef mce_unmap_kpfn
112 static void mce_unmap_kpfn(unsigned long pfn);
116 * CPU/chipset specific EDAC code can register a notifier call here to print
117 * MCE errors in a human-readable form.
119 BLOCKING_NOTIFIER_HEAD(x86_mce_decoder_chain);
121 /* Do initial initialization of a struct mce */
122 void mce_setup(struct mce *m)
124 memset(m, 0, sizeof(struct mce));
125 m->cpu = m->extcpu = smp_processor_id();
126 /* We hope get_seconds stays lockless */
127 m->time = get_seconds();
128 m->cpuvendor = boot_cpu_data.x86_vendor;
129 m->cpuid = cpuid_eax(1);
130 m->socketid = cpu_data(m->extcpu).phys_proc_id;
131 m->apicid = cpu_data(m->extcpu).initial_apicid;
132 rdmsrl(MSR_IA32_MCG_CAP, m->mcgcap);
134 if (this_cpu_has(X86_FEATURE_INTEL_PPIN))
135 rdmsrl(MSR_PPIN, m->ppin);
137 m->microcode = boot_cpu_data.microcode;
140 DEFINE_PER_CPU(struct mce, injectm);
141 EXPORT_PER_CPU_SYMBOL_GPL(injectm);
143 void mce_log(struct mce *m)
145 if (!mce_gen_pool_add(m))
146 irq_work_queue(&mce_irq_work);
149 void mce_inject_log(struct mce *m)
151 mutex_lock(&mce_log_mutex);
153 mutex_unlock(&mce_log_mutex);
155 EXPORT_SYMBOL_GPL(mce_inject_log);
157 static struct notifier_block mce_srao_nb;
160 * We run the default notifier if we have only the SRAO, the first and the
161 * default notifier registered. I.e., the mandatory NUM_DEFAULT_NOTIFIERS
162 * notifiers registered on the chain.
164 #define NUM_DEFAULT_NOTIFIERS 3
165 static atomic_t num_notifiers;
167 void mce_register_decode_chain(struct notifier_block *nb)
169 if (WARN_ON(nb->priority > MCE_PRIO_MCELOG && nb->priority < MCE_PRIO_EDAC))
172 atomic_inc(&num_notifiers);
174 blocking_notifier_chain_register(&x86_mce_decoder_chain, nb);
176 EXPORT_SYMBOL_GPL(mce_register_decode_chain);
178 void mce_unregister_decode_chain(struct notifier_block *nb)
180 atomic_dec(&num_notifiers);
182 blocking_notifier_chain_unregister(&x86_mce_decoder_chain, nb);
184 EXPORT_SYMBOL_GPL(mce_unregister_decode_chain);
186 static inline u32 ctl_reg(int bank)
188 return MSR_IA32_MCx_CTL(bank);
191 static inline u32 status_reg(int bank)
193 return MSR_IA32_MCx_STATUS(bank);
196 static inline u32 addr_reg(int bank)
198 return MSR_IA32_MCx_ADDR(bank);
201 static inline u32 misc_reg(int bank)
203 return MSR_IA32_MCx_MISC(bank);
206 static inline u32 smca_ctl_reg(int bank)
208 return MSR_AMD64_SMCA_MCx_CTL(bank);
211 static inline u32 smca_status_reg(int bank)
213 return MSR_AMD64_SMCA_MCx_STATUS(bank);
216 static inline u32 smca_addr_reg(int bank)
218 return MSR_AMD64_SMCA_MCx_ADDR(bank);
221 static inline u32 smca_misc_reg(int bank)
223 return MSR_AMD64_SMCA_MCx_MISC(bank);
226 struct mca_msr_regs msr_ops = {
228 .status = status_reg,
233 static void __print_mce(struct mce *m)
235 pr_emerg(HW_ERR "CPU %d: Machine Check%s: %Lx Bank %d: %016Lx\n",
237 (m->mcgstatus & MCG_STATUS_MCIP ? " Exception" : ""),
238 m->mcgstatus, m->bank, m->status);
241 pr_emerg(HW_ERR "RIP%s %02x:<%016Lx> ",
242 !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
245 if (m->cs == __KERNEL_CS)
246 pr_cont("{%pS}", (void *)(unsigned long)m->ip);
250 pr_emerg(HW_ERR "TSC %llx ", m->tsc);
252 pr_cont("ADDR %llx ", m->addr);
254 pr_cont("MISC %llx ", m->misc);
256 if (mce_flags.smca) {
258 pr_cont("SYND %llx ", m->synd);
260 pr_cont("IPID %llx ", m->ipid);
265 * Note this output is parsed by external tools and old fields
266 * should not be changed.
268 pr_emerg(HW_ERR "PROCESSOR %u:%x TIME %llu SOCKET %u APIC %x microcode %x\n",
269 m->cpuvendor, m->cpuid, m->time, m->socketid, m->apicid,
273 static void print_mce(struct mce *m)
277 if (m->cpuvendor != X86_VENDOR_AMD)
278 pr_emerg_ratelimited(HW_ERR "Run the above through 'mcelog --ascii'\n");
281 #define PANIC_TIMEOUT 5 /* 5 seconds */
283 static atomic_t mce_panicked;
285 static int fake_panic;
286 static atomic_t mce_fake_panicked;
288 /* Panic in progress. Enable interrupts and wait for final IPI */
289 static void wait_for_panic(void)
291 long timeout = PANIC_TIMEOUT*USEC_PER_SEC;
295 while (timeout-- > 0)
297 if (panic_timeout == 0)
298 panic_timeout = mca_cfg.panic_timeout;
299 panic("Panicing machine check CPU died");
302 static void mce_panic(const char *msg, struct mce *final, char *exp)
305 struct llist_node *pending;
306 struct mce_evt_llist *l;
310 * Make sure only one CPU runs in machine check panic
312 if (atomic_inc_return(&mce_panicked) > 1)
319 /* Don't log too much for fake panic */
320 if (atomic_inc_return(&mce_fake_panicked) > 1)
323 pending = mce_gen_pool_prepare_records();
324 /* First print corrected ones that are still unlogged */
325 llist_for_each_entry(l, pending, llnode) {
326 struct mce *m = &l->mce;
327 if (!(m->status & MCI_STATUS_UC)) {
330 apei_err = apei_write_mce(m);
333 /* Now print uncorrected but with the final one last */
334 llist_for_each_entry(l, pending, llnode) {
335 struct mce *m = &l->mce;
336 if (!(m->status & MCI_STATUS_UC))
338 if (!final || mce_cmp(m, final)) {
341 apei_err = apei_write_mce(m);
347 apei_err = apei_write_mce(final);
350 pr_emerg(HW_ERR "Some CPUs didn't answer in synchronization\n");
352 pr_emerg(HW_ERR "Machine check: %s\n", exp);
354 if (panic_timeout == 0)
355 panic_timeout = mca_cfg.panic_timeout;
358 pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
361 /* Support code for software error injection */
363 static int msr_to_offset(u32 msr)
365 unsigned bank = __this_cpu_read(injectm.bank);
367 if (msr == mca_cfg.rip_msr)
368 return offsetof(struct mce, ip);
369 if (msr == msr_ops.status(bank))
370 return offsetof(struct mce, status);
371 if (msr == msr_ops.addr(bank))
372 return offsetof(struct mce, addr);
373 if (msr == msr_ops.misc(bank))
374 return offsetof(struct mce, misc);
375 if (msr == MSR_IA32_MCG_STATUS)
376 return offsetof(struct mce, mcgstatus);
380 /* MSR access wrappers used for error injection */
381 static u64 mce_rdmsrl(u32 msr)
385 if (__this_cpu_read(injectm.finished)) {
386 int offset = msr_to_offset(msr);
390 return *(u64 *)((char *)this_cpu_ptr(&injectm) + offset);
393 if (rdmsrl_safe(msr, &v)) {
394 WARN_ONCE(1, "mce: Unable to read MSR 0x%x!\n", msr);
396 * Return zero in case the access faulted. This should
397 * not happen normally but can happen if the CPU does
398 * something weird, or if the code is buggy.
406 static void mce_wrmsrl(u32 msr, u64 v)
408 if (__this_cpu_read(injectm.finished)) {
409 int offset = msr_to_offset(msr);
412 *(u64 *)((char *)this_cpu_ptr(&injectm) + offset) = v;
419 * Collect all global (w.r.t. this processor) status about this machine
420 * check into our "mce" struct so that we can use it later to assess
421 * the severity of the problem as we read per-bank specific details.
423 static inline void mce_gather_info(struct mce *m, struct pt_regs *regs)
427 m->mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
430 * Get the address of the instruction at the time of
431 * the machine check error.
433 if (m->mcgstatus & (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) {
438 * When in VM86 mode make the cs look like ring 3
439 * always. This is a lie, but it's better than passing
440 * the additional vm86 bit around everywhere.
442 if (v8086_mode(regs))
445 /* Use accurate RIP reporting if available. */
447 m->ip = mce_rdmsrl(mca_cfg.rip_msr);
451 int mce_available(struct cpuinfo_x86 *c)
453 if (mca_cfg.disabled)
455 return cpu_has(c, X86_FEATURE_MCE) && cpu_has(c, X86_FEATURE_MCA);
458 static void mce_schedule_work(void)
460 if (!mce_gen_pool_empty())
461 schedule_work(&mce_work);
464 static void mce_irq_work_cb(struct irq_work *entry)
469 static void mce_report_event(struct pt_regs *regs)
471 if (regs->flags & (X86_VM_MASK|X86_EFLAGS_IF)) {
474 * Triggering the work queue here is just an insurance
475 * policy in case the syscall exit notify handler
476 * doesn't run soon enough or ends up running on the
477 * wrong CPU (can happen when audit sleeps)
483 irq_work_queue(&mce_irq_work);
487 * Check if the address reported by the CPU is in a format we can parse.
488 * It would be possible to add code for most other cases, but all would
489 * be somewhat complicated (e.g. segment offset would require an instruction
490 * parser). So only support physical addresses up to page granuality for now.
492 static int mce_usable_address(struct mce *m)
494 if (!(m->status & MCI_STATUS_ADDRV))
497 /* Checks after this one are Intel-specific: */
498 if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
501 if (!(m->status & MCI_STATUS_MISCV))
504 if (MCI_MISC_ADDR_LSB(m->misc) > PAGE_SHIFT)
507 if (MCI_MISC_ADDR_MODE(m->misc) != MCI_MISC_ADDR_PHYS)
513 bool mce_is_memory_error(struct mce *m)
515 if (m->cpuvendor == X86_VENDOR_AMD) {
516 return amd_mce_is_memory_error(m);
518 } else if (m->cpuvendor == X86_VENDOR_INTEL) {
520 * Intel SDM Volume 3B - 15.9.2 Compound Error Codes
522 * Bit 7 of the MCACOD field of IA32_MCi_STATUS is used for
523 * indicating a memory error. Bit 8 is used for indicating a
524 * cache hierarchy error. The combination of bit 2 and bit 3
525 * is used for indicating a `generic' cache hierarchy error
526 * But we can't just blindly check the above bits, because if
527 * bit 11 is set, then it is a bus/interconnect error - and
528 * either way the above bits just gives more detail on what
529 * bus/interconnect error happened. Note that bit 12 can be
530 * ignored, as it's the "filter" bit.
532 return (m->status & 0xef80) == BIT(7) ||
533 (m->status & 0xef00) == BIT(8) ||
534 (m->status & 0xeffc) == 0xc;
539 EXPORT_SYMBOL_GPL(mce_is_memory_error);
541 static bool mce_is_correctable(struct mce *m)
543 if (m->cpuvendor == X86_VENDOR_AMD && m->status & MCI_STATUS_DEFERRED)
546 if (m->status & MCI_STATUS_UC)
552 static bool cec_add_mce(struct mce *m)
557 /* We eat only correctable DRAM errors with usable addresses. */
558 if (mce_is_memory_error(m) &&
559 mce_is_correctable(m) &&
560 mce_usable_address(m))
561 if (!cec_add_elem(m->addr >> PAGE_SHIFT))
567 static int mce_first_notifier(struct notifier_block *nb, unsigned long val,
570 struct mce *m = (struct mce *)data;
578 /* Emit the trace record: */
581 set_bit(0, &mce_need_notify);
588 static struct notifier_block first_nb = {
589 .notifier_call = mce_first_notifier,
590 .priority = MCE_PRIO_FIRST,
593 static int srao_decode_notifier(struct notifier_block *nb, unsigned long val,
596 struct mce *mce = (struct mce *)data;
602 if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) {
603 pfn = mce->addr >> PAGE_SHIFT;
604 if (!memory_failure(pfn, 0))
610 static struct notifier_block mce_srao_nb = {
611 .notifier_call = srao_decode_notifier,
612 .priority = MCE_PRIO_SRAO,
615 static int mce_default_notifier(struct notifier_block *nb, unsigned long val,
618 struct mce *m = (struct mce *)data;
623 if (atomic_read(&num_notifiers) > NUM_DEFAULT_NOTIFIERS)
631 static struct notifier_block mce_default_nb = {
632 .notifier_call = mce_default_notifier,
633 /* lowest prio, we want it to run last. */
634 .priority = MCE_PRIO_LOWEST,
638 * Read ADDR and MISC registers.
640 static void mce_read_aux(struct mce *m, int i)
642 if (m->status & MCI_STATUS_MISCV)
643 m->misc = mce_rdmsrl(msr_ops.misc(i));
645 if (m->status & MCI_STATUS_ADDRV) {
646 m->addr = mce_rdmsrl(msr_ops.addr(i));
649 * Mask the reported address by the reported granularity.
651 if (mca_cfg.ser && (m->status & MCI_STATUS_MISCV)) {
652 u8 shift = MCI_MISC_ADDR_LSB(m->misc);
658 * Extract [55:<lsb>] where lsb is the least significant
659 * *valid* bit of the address bits.
661 if (mce_flags.smca) {
662 u8 lsb = (m->addr >> 56) & 0x3f;
664 m->addr &= GENMASK_ULL(55, lsb);
668 if (mce_flags.smca) {
669 m->ipid = mce_rdmsrl(MSR_AMD64_SMCA_MCx_IPID(i));
671 if (m->status & MCI_STATUS_SYNDV)
672 m->synd = mce_rdmsrl(MSR_AMD64_SMCA_MCx_SYND(i));
676 DEFINE_PER_CPU(unsigned, mce_poll_count);
679 * Poll for corrected events or events that happened before reset.
680 * Those are just logged through /dev/mcelog.
682 * This is executed in standard interrupt context.
684 * Note: spec recommends to panic for fatal unsignalled
685 * errors here. However this would be quite problematic --
686 * we would need to reimplement the Monarch handling and
687 * it would mess up the exclusion between exception handler
688 * and poll hander -- * so we skip this for now.
689 * These cases should not happen anyways, or only when the CPU
690 * is already totally * confused. In this case it's likely it will
691 * not fully execute the machine check handler either.
693 bool machine_check_poll(enum mcp_flags flags, mce_banks_t *b)
695 bool error_seen = false;
699 this_cpu_inc(mce_poll_count);
701 mce_gather_info(&m, NULL);
703 if (flags & MCP_TIMESTAMP)
706 for (i = 0; i < mca_cfg.banks; i++) {
707 if (!mce_banks[i].ctl || !test_bit(i, *b))
715 m.status = mce_rdmsrl(msr_ops.status(i));
716 if (!(m.status & MCI_STATUS_VAL))
720 * Uncorrected or signalled events are handled by the exception
721 * handler when it is enabled, so don't process those here.
723 * TBD do the same check for MCI_STATUS_EN here?
725 if (!(flags & MCP_UC) &&
726 (m.status & (mca_cfg.ser ? MCI_STATUS_S : MCI_STATUS_UC)))
733 m.severity = mce_severity(&m, mca_cfg.tolerant, NULL, false);
736 * Don't get the IP here because it's unlikely to
737 * have anything to do with the actual error location.
739 if (!(flags & MCP_DONTLOG) && !mca_cfg.dont_log_ce)
741 else if (mce_usable_address(&m)) {
743 * Although we skipped logging this, we still want
744 * to take action. Add to the pool so the registered
745 * notifiers will see it.
747 if (!mce_gen_pool_add(&m))
752 * Clear state for this bank.
754 mce_wrmsrl(msr_ops.status(i), 0);
758 * Don't clear MCG_STATUS here because it's only defined for
766 EXPORT_SYMBOL_GPL(machine_check_poll);
769 * Do a quick check if any of the events requires a panic.
770 * This decides if we keep the events around or clear them.
772 static int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp,
773 struct pt_regs *regs)
778 for (i = 0; i < mca_cfg.banks; i++) {
779 m->status = mce_rdmsrl(msr_ops.status(i));
780 if (!(m->status & MCI_STATUS_VAL))
783 __set_bit(i, validp);
784 if (quirk_no_way_out)
785 quirk_no_way_out(i, m, regs);
787 if (mce_severity(m, mca_cfg.tolerant, &tmp, true) >= MCE_PANIC_SEVERITY) {
797 * Variable to establish order between CPUs while scanning.
798 * Each CPU spins initially until executing is equal its number.
800 static atomic_t mce_executing;
803 * Defines order of CPUs on entry. First CPU becomes Monarch.
805 static atomic_t mce_callin;
808 * Check if a timeout waiting for other CPUs happened.
810 static int mce_timed_out(u64 *t, const char *msg)
813 * The others already did panic for some reason.
814 * Bail out like in a timeout.
815 * rmb() to tell the compiler that system_state
816 * might have been modified by someone else.
819 if (atomic_read(&mce_panicked))
821 if (!mca_cfg.monarch_timeout)
823 if ((s64)*t < SPINUNIT) {
824 if (mca_cfg.tolerant <= 1)
825 mce_panic(msg, NULL, NULL);
831 touch_nmi_watchdog();
836 * The Monarch's reign. The Monarch is the CPU who entered
837 * the machine check handler first. It waits for the others to
838 * raise the exception too and then grades them. When any
839 * error is fatal panic. Only then let the others continue.
841 * The other CPUs entering the MCE handler will be controlled by the
842 * Monarch. They are called Subjects.
844 * This way we prevent any potential data corruption in a unrecoverable case
845 * and also makes sure always all CPU's errors are examined.
847 * Also this detects the case of a machine check event coming from outer
848 * space (not detected by any CPUs) In this case some external agent wants
849 * us to shut down, so panic too.
851 * The other CPUs might still decide to panic if the handler happens
852 * in a unrecoverable place, but in this case the system is in a semi-stable
853 * state and won't corrupt anything by itself. It's ok to let the others
854 * continue for a bit first.
856 * All the spin loops have timeouts; when a timeout happens a CPU
857 * typically elects itself to be Monarch.
859 static void mce_reign(void)
862 struct mce *m = NULL;
863 int global_worst = 0;
868 * This CPU is the Monarch and the other CPUs have run
869 * through their handlers.
870 * Grade the severity of the errors of all the CPUs.
872 for_each_possible_cpu(cpu) {
873 int severity = mce_severity(&per_cpu(mces_seen, cpu),
876 if (severity > global_worst) {
878 global_worst = severity;
879 m = &per_cpu(mces_seen, cpu);
884 * Cannot recover? Panic here then.
885 * This dumps all the mces in the log buffer and stops the
888 if (m && global_worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3)
889 mce_panic("Fatal machine check", m, msg);
892 * For UC somewhere we let the CPU who detects it handle it.
893 * Also must let continue the others, otherwise the handling
894 * CPU could deadlock on a lock.
898 * No machine check event found. Must be some external
899 * source or one CPU is hung. Panic.
901 if (global_worst <= MCE_KEEP_SEVERITY && mca_cfg.tolerant < 3)
902 mce_panic("Fatal machine check from unknown source", NULL, NULL);
905 * Now clear all the mces_seen so that they don't reappear on
908 for_each_possible_cpu(cpu)
909 memset(&per_cpu(mces_seen, cpu), 0, sizeof(struct mce));
912 static atomic_t global_nwo;
915 * Start of Monarch synchronization. This waits until all CPUs have
916 * entered the exception handler and then determines if any of them
917 * saw a fatal event that requires panic. Then it executes them
918 * in the entry order.
919 * TBD double check parallel CPU hotunplug
921 static int mce_start(int *no_way_out)
924 int cpus = num_online_cpus();
925 u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
930 atomic_add(*no_way_out, &global_nwo);
932 * Rely on the implied barrier below, such that global_nwo
933 * is updated before mce_callin.
935 order = atomic_inc_return(&mce_callin);
940 while (atomic_read(&mce_callin) != cpus) {
941 if (mce_timed_out(&timeout,
942 "Timeout: Not all CPUs entered broadcast exception handler")) {
943 atomic_set(&global_nwo, 0);
950 * mce_callin should be read before global_nwo
956 * Monarch: Starts executing now, the others wait.
958 atomic_set(&mce_executing, 1);
961 * Subject: Now start the scanning loop one by one in
962 * the original callin order.
963 * This way when there are any shared banks it will be
964 * only seen by one CPU before cleared, avoiding duplicates.
966 while (atomic_read(&mce_executing) < order) {
967 if (mce_timed_out(&timeout,
968 "Timeout: Subject CPUs unable to finish machine check processing")) {
969 atomic_set(&global_nwo, 0);
977 * Cache the global no_way_out state.
979 *no_way_out = atomic_read(&global_nwo);
985 * Synchronize between CPUs after main scanning loop.
986 * This invokes the bulk of the Monarch processing.
988 static int mce_end(int order)
991 u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
999 * Allow others to run.
1001 atomic_inc(&mce_executing);
1004 /* CHECKME: Can this race with a parallel hotplug? */
1005 int cpus = num_online_cpus();
1008 * Monarch: Wait for everyone to go through their scanning
1011 while (atomic_read(&mce_executing) <= cpus) {
1012 if (mce_timed_out(&timeout,
1013 "Timeout: Monarch CPU unable to finish machine check processing"))
1023 * Subject: Wait for Monarch to finish.
1025 while (atomic_read(&mce_executing) != 0) {
1026 if (mce_timed_out(&timeout,
1027 "Timeout: Monarch CPU did not finish machine check processing"))
1033 * Don't reset anything. That's done by the Monarch.
1039 * Reset all global state.
1042 atomic_set(&global_nwo, 0);
1043 atomic_set(&mce_callin, 0);
1047 * Let others run again.
1049 atomic_set(&mce_executing, 0);
1053 static void mce_clear_state(unsigned long *toclear)
1057 for (i = 0; i < mca_cfg.banks; i++) {
1058 if (test_bit(i, toclear))
1059 mce_wrmsrl(msr_ops.status(i), 0);
1063 static int do_memory_failure(struct mce *m)
1065 int flags = MF_ACTION_REQUIRED;
1068 pr_err("Uncorrected hardware memory error in user-access at %llx", m->addr);
1069 if (!(m->mcgstatus & MCG_STATUS_RIPV))
1070 flags |= MF_MUST_KILL;
1071 ret = memory_failure(m->addr >> PAGE_SHIFT, flags);
1073 pr_err("Memory error not recovered");
1075 mce_unmap_kpfn(m->addr >> PAGE_SHIFT);
1079 #ifndef mce_unmap_kpfn
1080 static void mce_unmap_kpfn(unsigned long pfn)
1082 unsigned long decoy_addr;
1085 * Unmap this page from the kernel 1:1 mappings to make sure
1086 * we don't log more errors because of speculative access to
1088 * We would like to just call:
1089 * set_memory_np((unsigned long)pfn_to_kaddr(pfn), 1);
1090 * but doing that would radically increase the odds of a
1091 * speculative access to the poison page because we'd have
1092 * the virtual address of the kernel 1:1 mapping sitting
1093 * around in registers.
1094 * Instead we get tricky. We create a non-canonical address
1095 * that looks just like the one we want, but has bit 63 flipped.
1096 * This relies on set_memory_np() not checking whether we passed
1100 decoy_addr = (pfn << PAGE_SHIFT) + (PAGE_OFFSET ^ BIT(63));
1102 if (set_memory_np(decoy_addr, 1))
1103 pr_warn("Could not invalidate pfn=0x%lx from 1:1 map\n", pfn);
1108 * The actual machine check handler. This only handles real
1109 * exceptions when something got corrupted coming in through int 18.
1111 * This is executed in NMI context not subject to normal locking rules. This
1112 * implies that most kernel services cannot be safely used. Don't even
1113 * think about putting a printk in there!
1115 * On Intel systems this is entered on all CPUs in parallel through
1116 * MCE broadcast. However some CPUs might be broken beyond repair,
1117 * so be always careful when synchronizing with others.
1119 void do_machine_check(struct pt_regs *regs, long error_code)
1121 struct mca_config *cfg = &mca_cfg;
1122 struct mce m, *final;
1128 * Establish sequential order between the CPUs entering the machine
1133 * If no_way_out gets set, there is no safe way to recover from this
1134 * MCE. If mca_cfg.tolerant is cranked up, we'll try anyway.
1138 * If kill_it gets set, there might be a way to recover from this
1142 DECLARE_BITMAP(toclear, MAX_NR_BANKS);
1143 DECLARE_BITMAP(valid_banks, MAX_NR_BANKS);
1144 char *msg = "Unknown";
1147 * MCEs are always local on AMD. Same is determined by MCG_STATUS_LMCES
1151 int cpu = smp_processor_id();
1154 * Cases where we avoid rendezvous handler timeout:
1155 * 1) If this CPU is offline.
1157 * 2) If crashing_cpu was set, e.g. we're entering kdump and we need to
1158 * skip those CPUs which remain looping in the 1st kernel - see
1159 * crash_nmi_callback().
1161 * Note: there still is a small window between kexec-ing and the new,
1162 * kdump kernel establishing a new #MC handler where a broadcasted MCE
1163 * might not get handled properly.
1165 if (cpu_is_offline(cpu) ||
1166 (crashing_cpu != -1 && crashing_cpu != cpu)) {
1169 mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
1170 if (mcgstatus & MCG_STATUS_RIPV) {
1171 mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
1178 this_cpu_inc(mce_exception_count);
1183 mce_gather_info(&m, regs);
1186 final = this_cpu_ptr(&mces_seen);
1189 memset(valid_banks, 0, sizeof(valid_banks));
1190 no_way_out = mce_no_way_out(&m, &msg, valid_banks, regs);
1195 * When no restart IP might need to kill or panic.
1196 * Assume the worst for now, but if we find the
1197 * severity is MCE_AR_SEVERITY we have other options.
1199 if (!(m.mcgstatus & MCG_STATUS_RIPV))
1203 * Check if this MCE is signaled to only this logical processor,
1206 if (m.cpuvendor == X86_VENDOR_INTEL)
1207 lmce = m.mcgstatus & MCG_STATUS_LMCES;
1210 * Local machine check may already know that we have to panic.
1211 * Broadcast machine check begins rendezvous in mce_start()
1212 * Go through all banks in exclusion of the other CPUs. This way we
1213 * don't report duplicated events on shared banks because the first one
1214 * to see it will clear it.
1218 mce_panic("Fatal local machine check", &m, msg);
1220 order = mce_start(&no_way_out);
1223 for (i = 0; i < cfg->banks; i++) {
1224 __clear_bit(i, toclear);
1225 if (!test_bit(i, valid_banks))
1227 if (!mce_banks[i].ctl)
1234 m.status = mce_rdmsrl(msr_ops.status(i));
1235 if ((m.status & MCI_STATUS_VAL) == 0)
1239 * Non uncorrected or non signaled errors are handled by
1240 * machine_check_poll. Leave them alone, unless this panics.
1242 if (!(m.status & (cfg->ser ? MCI_STATUS_S : MCI_STATUS_UC)) &&
1247 * Set taint even when machine check was not enabled.
1249 add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
1251 severity = mce_severity(&m, cfg->tolerant, NULL, true);
1254 * When machine check was for corrected/deferred handler don't
1255 * touch, unless we're panicing.
1257 if ((severity == MCE_KEEP_SEVERITY ||
1258 severity == MCE_UCNA_SEVERITY) && !no_way_out)
1260 __set_bit(i, toclear);
1261 if (severity == MCE_NO_SEVERITY) {
1263 * Machine check event was not enabled. Clear, but
1269 mce_read_aux(&m, i);
1271 /* assuming valid severity level != 0 */
1272 m.severity = severity;
1276 if (severity > worst) {
1282 /* mce_clear_state will clear *final, save locally for use later */
1286 mce_clear_state(toclear);
1289 * Do most of the synchronization with other CPUs.
1290 * When there's any problem use only local no_way_out state.
1293 if (mce_end(order) < 0)
1294 no_way_out = worst >= MCE_PANIC_SEVERITY;
1297 * If there was a fatal machine check we should have
1298 * already called mce_panic earlier in this function.
1299 * Since we re-read the banks, we might have found
1300 * something new. Check again to see if we found a
1301 * fatal error. We call "mce_severity()" again to
1302 * make sure we have the right "msg".
1304 if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) {
1305 mce_severity(&m, cfg->tolerant, &msg, true);
1306 mce_panic("Local fatal machine check!", &m, msg);
1311 * If tolerant is at an insane level we drop requests to kill
1312 * processes and continue even when there is no way out.
1314 if (cfg->tolerant == 3)
1316 else if (no_way_out)
1317 mce_panic("Fatal machine check on current CPU", &m, msg);
1320 mce_report_event(regs);
1321 mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
1325 if (worst != MCE_AR_SEVERITY && !kill_it)
1328 /* Fault was in user mode and we need to take some action */
1329 if ((m.cs & 3) == 3) {
1330 ist_begin_non_atomic(regs);
1333 if (kill_it || do_memory_failure(&m))
1334 force_sig(SIGBUS, current);
1335 local_irq_disable();
1336 ist_end_non_atomic();
1338 if (!fixup_exception(regs, X86_TRAP_MC))
1339 mce_panic("Failed kernel mode recovery", &m, NULL);
1345 EXPORT_SYMBOL_GPL(do_machine_check);
1347 #ifndef CONFIG_MEMORY_FAILURE
1348 int memory_failure(unsigned long pfn, int flags)
1350 /* mce_severity() should not hand us an ACTION_REQUIRED error */
1351 BUG_ON(flags & MF_ACTION_REQUIRED);
1352 pr_err("Uncorrected memory error in page 0x%lx ignored\n"
1353 "Rebuild kernel with CONFIG_MEMORY_FAILURE=y for smarter handling\n",
1361 * Periodic polling timer for "silent" machine check errors. If the
1362 * poller finds an MCE, poll 2x faster. When the poller finds no more
1363 * errors, poll 2x slower (up to check_interval seconds).
1365 static unsigned long check_interval = INITIAL_CHECK_INTERVAL;
1367 static DEFINE_PER_CPU(unsigned long, mce_next_interval); /* in jiffies */
1368 static DEFINE_PER_CPU(struct timer_list, mce_timer);
1370 static unsigned long mce_adjust_timer_default(unsigned long interval)
1375 static unsigned long (*mce_adjust_timer)(unsigned long interval) = mce_adjust_timer_default;
1377 static void __start_timer(struct timer_list *t, unsigned long interval)
1379 unsigned long when = jiffies + interval;
1380 unsigned long flags;
1382 local_irq_save(flags);
1384 if (!timer_pending(t) || time_before(when, t->expires))
1385 mod_timer(t, round_jiffies(when));
1387 local_irq_restore(flags);
1390 static void mce_timer_fn(struct timer_list *t)
1392 struct timer_list *cpu_t = this_cpu_ptr(&mce_timer);
1395 WARN_ON(cpu_t != t);
1397 iv = __this_cpu_read(mce_next_interval);
1399 if (mce_available(this_cpu_ptr(&cpu_info))) {
1400 machine_check_poll(0, this_cpu_ptr(&mce_poll_banks));
1402 if (mce_intel_cmci_poll()) {
1403 iv = mce_adjust_timer(iv);
1409 * Alert userspace if needed. If we logged an MCE, reduce the polling
1410 * interval, otherwise increase the polling interval.
1412 if (mce_notify_irq())
1413 iv = max(iv / 2, (unsigned long) HZ/100);
1415 iv = min(iv * 2, round_jiffies_relative(check_interval * HZ));
1418 __this_cpu_write(mce_next_interval, iv);
1419 __start_timer(t, iv);
1423 * Ensure that the timer is firing in @interval from now.
1425 void mce_timer_kick(unsigned long interval)
1427 struct timer_list *t = this_cpu_ptr(&mce_timer);
1428 unsigned long iv = __this_cpu_read(mce_next_interval);
1430 __start_timer(t, interval);
1433 __this_cpu_write(mce_next_interval, interval);
1436 /* Must not be called in IRQ context where del_timer_sync() can deadlock */
1437 static void mce_timer_delete_all(void)
1441 for_each_online_cpu(cpu)
1442 del_timer_sync(&per_cpu(mce_timer, cpu));
1446 * Notify the user(s) about new machine check events.
1447 * Can be called from interrupt context, but not from machine check/NMI
1450 int mce_notify_irq(void)
1452 /* Not more than two messages every minute */
1453 static DEFINE_RATELIMIT_STATE(ratelimit, 60*HZ, 2);
1455 if (test_and_clear_bit(0, &mce_need_notify)) {
1458 if (__ratelimit(&ratelimit))
1459 pr_info(HW_ERR "Machine check events logged\n");
1465 EXPORT_SYMBOL_GPL(mce_notify_irq);
1467 static int __mcheck_cpu_mce_banks_init(void)
1470 u8 num_banks = mca_cfg.banks;
1472 mce_banks = kcalloc(num_banks, sizeof(struct mce_bank), GFP_KERNEL);
1476 for (i = 0; i < num_banks; i++) {
1477 struct mce_bank *b = &mce_banks[i];
1486 * Initialize Machine Checks for a CPU.
1488 static int __mcheck_cpu_cap_init(void)
1493 rdmsrl(MSR_IA32_MCG_CAP, cap);
1495 b = cap & MCG_BANKCNT_MASK;
1497 pr_info("CPU supports %d MCE banks\n", b);
1499 if (b > MAX_NR_BANKS) {
1500 pr_warn("Using only %u machine check banks out of %u\n",
1505 /* Don't support asymmetric configurations today */
1506 WARN_ON(mca_cfg.banks != 0 && b != mca_cfg.banks);
1510 int err = __mcheck_cpu_mce_banks_init();
1516 /* Use accurate RIP reporting if available. */
1517 if ((cap & MCG_EXT_P) && MCG_EXT_CNT(cap) >= 9)
1518 mca_cfg.rip_msr = MSR_IA32_MCG_EIP;
1520 if (cap & MCG_SER_P)
1526 static void __mcheck_cpu_init_generic(void)
1528 enum mcp_flags m_fl = 0;
1529 mce_banks_t all_banks;
1532 if (!mca_cfg.bootlog)
1536 * Log the machine checks left over from the previous reset.
1538 bitmap_fill(all_banks, MAX_NR_BANKS);
1539 machine_check_poll(MCP_UC | m_fl, &all_banks);
1541 cr4_set_bits(X86_CR4_MCE);
1543 rdmsrl(MSR_IA32_MCG_CAP, cap);
1544 if (cap & MCG_CTL_P)
1545 wrmsr(MSR_IA32_MCG_CTL, 0xffffffff, 0xffffffff);
1548 static void __mcheck_cpu_init_clear_banks(void)
1552 for (i = 0; i < mca_cfg.banks; i++) {
1553 struct mce_bank *b = &mce_banks[i];
1557 wrmsrl(msr_ops.ctl(i), b->ctl);
1558 wrmsrl(msr_ops.status(i), 0);
1563 * During IFU recovery Sandy Bridge -EP4S processors set the RIPV and
1564 * EIPV bits in MCG_STATUS to zero on the affected logical processor (SDM
1565 * Vol 3B Table 15-20). But this confuses both the code that determines
1566 * whether the machine check occurred in kernel or user mode, and also
1567 * the severity assessment code. Pretend that EIPV was set, and take the
1568 * ip/cs values from the pt_regs that mce_gather_info() ignored earlier.
1570 static void quirk_sandybridge_ifu(int bank, struct mce *m, struct pt_regs *regs)
1574 if ((m->mcgstatus & (MCG_STATUS_EIPV|MCG_STATUS_RIPV)) != 0)
1576 if ((m->status & (MCI_STATUS_OVER|MCI_STATUS_UC|
1577 MCI_STATUS_EN|MCI_STATUS_MISCV|MCI_STATUS_ADDRV|
1578 MCI_STATUS_PCC|MCI_STATUS_S|MCI_STATUS_AR|
1580 (MCI_STATUS_UC|MCI_STATUS_EN|
1581 MCI_STATUS_MISCV|MCI_STATUS_ADDRV|MCI_STATUS_S|
1582 MCI_STATUS_AR|MCACOD_INSTR))
1585 m->mcgstatus |= MCG_STATUS_EIPV;
1590 /* Add per CPU specific workarounds here */
1591 static int __mcheck_cpu_apply_quirks(struct cpuinfo_x86 *c)
1593 struct mca_config *cfg = &mca_cfg;
1595 if (c->x86_vendor == X86_VENDOR_UNKNOWN) {
1596 pr_info("unknown CPU type - not enabling MCE support\n");
1600 /* This should be disabled by the BIOS, but isn't always */
1601 if (c->x86_vendor == X86_VENDOR_AMD) {
1602 if (c->x86 == 15 && cfg->banks > 4) {
1604 * disable GART TBL walk error reporting, which
1605 * trips off incorrectly with the IOMMU & 3ware
1608 clear_bit(10, (unsigned long *)&mce_banks[4].ctl);
1610 if (c->x86 < 0x11 && cfg->bootlog < 0) {
1612 * Lots of broken BIOS around that don't clear them
1613 * by default and leave crap in there. Don't log:
1618 * Various K7s with broken bank 0 around. Always disable
1621 if (c->x86 == 6 && cfg->banks > 0)
1622 mce_banks[0].ctl = 0;
1625 * overflow_recov is supported for F15h Models 00h-0fh
1626 * even though we don't have a CPUID bit for it.
1628 if (c->x86 == 0x15 && c->x86_model <= 0xf)
1629 mce_flags.overflow_recov = 1;
1632 * Turn off MC4_MISC thresholding banks on those models since
1633 * they're not supported there.
1635 if (c->x86 == 0x15 &&
1636 (c->x86_model >= 0x10 && c->x86_model <= 0x1f)) {
1641 0x00000413, /* MC4_MISC0 */
1642 0xc0000408, /* MC4_MISC1 */
1645 rdmsrl(MSR_K7_HWCR, hwcr);
1647 /* McStatusWrEn has to be set */
1648 need_toggle = !(hwcr & BIT(18));
1651 wrmsrl(MSR_K7_HWCR, hwcr | BIT(18));
1653 /* Clear CntP bit safely */
1654 for (i = 0; i < ARRAY_SIZE(msrs); i++)
1655 msr_clear_bit(msrs[i], 62);
1657 /* restore old settings */
1659 wrmsrl(MSR_K7_HWCR, hwcr);
1663 if (c->x86_vendor == X86_VENDOR_INTEL) {
1665 * SDM documents that on family 6 bank 0 should not be written
1666 * because it aliases to another special BIOS controlled
1668 * But it's not aliased anymore on model 0x1a+
1669 * Don't ignore bank 0 completely because there could be a
1670 * valid event later, merely don't write CTL0.
1673 if (c->x86 == 6 && c->x86_model < 0x1A && cfg->banks > 0)
1674 mce_banks[0].init = 0;
1677 * All newer Intel systems support MCE broadcasting. Enable
1678 * synchronization with a one second timeout.
1680 if ((c->x86 > 6 || (c->x86 == 6 && c->x86_model >= 0xe)) &&
1681 cfg->monarch_timeout < 0)
1682 cfg->monarch_timeout = USEC_PER_SEC;
1685 * There are also broken BIOSes on some Pentium M and
1688 if (c->x86 == 6 && c->x86_model <= 13 && cfg->bootlog < 0)
1691 if (c->x86 == 6 && c->x86_model == 45)
1692 quirk_no_way_out = quirk_sandybridge_ifu;
1694 if (cfg->monarch_timeout < 0)
1695 cfg->monarch_timeout = 0;
1696 if (cfg->bootlog != 0)
1697 cfg->panic_timeout = 30;
1702 static int __mcheck_cpu_ancient_init(struct cpuinfo_x86 *c)
1707 switch (c->x86_vendor) {
1708 case X86_VENDOR_INTEL:
1709 intel_p5_mcheck_init(c);
1712 case X86_VENDOR_CENTAUR:
1713 winchip_mcheck_init(c);
1724 * Init basic CPU features needed for early decoding of MCEs.
1726 static void __mcheck_cpu_init_early(struct cpuinfo_x86 *c)
1728 if (c->x86_vendor == X86_VENDOR_AMD) {
1729 mce_flags.overflow_recov = !!cpu_has(c, X86_FEATURE_OVERFLOW_RECOV);
1730 mce_flags.succor = !!cpu_has(c, X86_FEATURE_SUCCOR);
1731 mce_flags.smca = !!cpu_has(c, X86_FEATURE_SMCA);
1733 if (mce_flags.smca) {
1734 msr_ops.ctl = smca_ctl_reg;
1735 msr_ops.status = smca_status_reg;
1736 msr_ops.addr = smca_addr_reg;
1737 msr_ops.misc = smca_misc_reg;
1742 static void mce_centaur_feature_init(struct cpuinfo_x86 *c)
1744 struct mca_config *cfg = &mca_cfg;
1747 * All newer Centaur CPUs support MCE broadcasting. Enable
1748 * synchronization with a one second timeout.
1750 if ((c->x86 == 6 && c->x86_model == 0xf && c->x86_stepping >= 0xe) ||
1752 if (cfg->monarch_timeout < 0)
1753 cfg->monarch_timeout = USEC_PER_SEC;
1757 static void __mcheck_cpu_init_vendor(struct cpuinfo_x86 *c)
1759 switch (c->x86_vendor) {
1760 case X86_VENDOR_INTEL:
1761 mce_intel_feature_init(c);
1762 mce_adjust_timer = cmci_intel_adjust_timer;
1765 case X86_VENDOR_AMD: {
1766 mce_amd_feature_init(c);
1769 case X86_VENDOR_CENTAUR:
1770 mce_centaur_feature_init(c);
1778 static void __mcheck_cpu_clear_vendor(struct cpuinfo_x86 *c)
1780 switch (c->x86_vendor) {
1781 case X86_VENDOR_INTEL:
1782 mce_intel_feature_clear(c);
1789 static void mce_start_timer(struct timer_list *t)
1791 unsigned long iv = check_interval * HZ;
1793 if (mca_cfg.ignore_ce || !iv)
1796 this_cpu_write(mce_next_interval, iv);
1797 __start_timer(t, iv);
1800 static void __mcheck_cpu_setup_timer(void)
1802 struct timer_list *t = this_cpu_ptr(&mce_timer);
1804 timer_setup(t, mce_timer_fn, TIMER_PINNED);
1807 static void __mcheck_cpu_init_timer(void)
1809 struct timer_list *t = this_cpu_ptr(&mce_timer);
1811 timer_setup(t, mce_timer_fn, TIMER_PINNED);
1815 /* Handle unconfigured int18 (should never happen) */
1816 static void unexpected_machine_check(struct pt_regs *regs, long error_code)
1818 pr_err("CPU#%d: Unexpected int18 (Machine Check)\n",
1819 smp_processor_id());
1822 /* Call the installed machine check handler for this CPU setup. */
1823 void (*machine_check_vector)(struct pt_regs *, long error_code) =
1824 unexpected_machine_check;
1826 dotraplinkage void do_mce(struct pt_regs *regs, long error_code)
1828 machine_check_vector(regs, error_code);
1832 * Called for each booted CPU to set up machine checks.
1833 * Must be called with preempt off:
1835 void mcheck_cpu_init(struct cpuinfo_x86 *c)
1837 if (mca_cfg.disabled)
1840 if (__mcheck_cpu_ancient_init(c))
1843 if (!mce_available(c))
1846 if (__mcheck_cpu_cap_init() < 0 || __mcheck_cpu_apply_quirks(c) < 0) {
1847 mca_cfg.disabled = 1;
1851 if (mce_gen_pool_init()) {
1852 mca_cfg.disabled = 1;
1853 pr_emerg("Couldn't allocate MCE records pool!\n");
1857 machine_check_vector = do_machine_check;
1859 __mcheck_cpu_init_early(c);
1860 __mcheck_cpu_init_generic();
1861 __mcheck_cpu_init_vendor(c);
1862 __mcheck_cpu_init_clear_banks();
1863 __mcheck_cpu_setup_timer();
1867 * Called for each booted CPU to clear some machine checks opt-ins
1869 void mcheck_cpu_clear(struct cpuinfo_x86 *c)
1871 if (mca_cfg.disabled)
1874 if (!mce_available(c))
1878 * Possibly to clear general settings generic to x86
1879 * __mcheck_cpu_clear_generic(c);
1881 __mcheck_cpu_clear_vendor(c);
1885 static void __mce_disable_bank(void *arg)
1887 int bank = *((int *)arg);
1888 __clear_bit(bank, this_cpu_ptr(mce_poll_banks));
1889 cmci_disable_bank(bank);
1892 void mce_disable_bank(int bank)
1894 if (bank >= mca_cfg.banks) {
1896 "Ignoring request to disable invalid MCA bank %d.\n",
1900 set_bit(bank, mce_banks_ce_disabled);
1901 on_each_cpu(__mce_disable_bank, &bank, 1);
1905 * mce=off Disables machine check
1906 * mce=no_cmci Disables CMCI
1907 * mce=no_lmce Disables LMCE
1908 * mce=dont_log_ce Clears corrected events silently, no log created for CEs.
1909 * mce=ignore_ce Disables polling and CMCI, corrected events are not cleared.
1910 * mce=TOLERANCELEVEL[,monarchtimeout] (number, see above)
1911 * monarchtimeout is how long to wait for other CPUs on machine
1912 * check, or 0 to not wait
1913 * mce=bootlog Log MCEs from before booting. Disabled by default on AMD Fam10h
1915 * mce=nobootlog Don't log MCEs from before booting.
1916 * mce=bios_cmci_threshold Don't program the CMCI threshold
1917 * mce=recovery force enable memcpy_mcsafe()
1919 static int __init mcheck_enable(char *str)
1921 struct mca_config *cfg = &mca_cfg;
1929 if (!strcmp(str, "off"))
1931 else if (!strcmp(str, "no_cmci"))
1932 cfg->cmci_disabled = true;
1933 else if (!strcmp(str, "no_lmce"))
1934 cfg->lmce_disabled = 1;
1935 else if (!strcmp(str, "dont_log_ce"))
1936 cfg->dont_log_ce = true;
1937 else if (!strcmp(str, "ignore_ce"))
1938 cfg->ignore_ce = true;
1939 else if (!strcmp(str, "bootlog") || !strcmp(str, "nobootlog"))
1940 cfg->bootlog = (str[0] == 'b');
1941 else if (!strcmp(str, "bios_cmci_threshold"))
1942 cfg->bios_cmci_threshold = 1;
1943 else if (!strcmp(str, "recovery"))
1945 else if (isdigit(str[0])) {
1946 if (get_option(&str, &cfg->tolerant) == 2)
1947 get_option(&str, &(cfg->monarch_timeout));
1949 pr_info("mce argument %s ignored. Please use /sys\n", str);
1954 __setup("mce", mcheck_enable);
1956 int __init mcheck_init(void)
1958 mcheck_intel_therm_init();
1959 mce_register_decode_chain(&first_nb);
1960 mce_register_decode_chain(&mce_srao_nb);
1961 mce_register_decode_chain(&mce_default_nb);
1962 mcheck_vendor_init_severity();
1964 INIT_WORK(&mce_work, mce_gen_pool_process);
1965 init_irq_work(&mce_irq_work, mce_irq_work_cb);
1971 * mce_syscore: PM support
1975 * Disable machine checks on suspend and shutdown. We can't really handle
1978 static void mce_disable_error_reporting(void)
1982 for (i = 0; i < mca_cfg.banks; i++) {
1983 struct mce_bank *b = &mce_banks[i];
1986 wrmsrl(msr_ops.ctl(i), 0);
1991 static void vendor_disable_error_reporting(void)
1994 * Don't clear on Intel or AMD CPUs. Some of these MSRs are socket-wide.
1995 * Disabling them for just a single offlined CPU is bad, since it will
1996 * inhibit reporting for all shared resources on the socket like the
1997 * last level cache (LLC), the integrated memory controller (iMC), etc.
1999 if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ||
2000 boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
2003 mce_disable_error_reporting();
2006 static int mce_syscore_suspend(void)
2008 vendor_disable_error_reporting();
2012 static void mce_syscore_shutdown(void)
2014 vendor_disable_error_reporting();
2018 * On resume clear all MCE state. Don't want to see leftovers from the BIOS.
2019 * Only one CPU is active at this time, the others get re-added later using
2022 static void mce_syscore_resume(void)
2024 __mcheck_cpu_init_generic();
2025 __mcheck_cpu_init_vendor(raw_cpu_ptr(&cpu_info));
2026 __mcheck_cpu_init_clear_banks();
2029 static struct syscore_ops mce_syscore_ops = {
2030 .suspend = mce_syscore_suspend,
2031 .shutdown = mce_syscore_shutdown,
2032 .resume = mce_syscore_resume,
2036 * mce_device: Sysfs support
2039 static void mce_cpu_restart(void *data)
2041 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2043 __mcheck_cpu_init_generic();
2044 __mcheck_cpu_init_clear_banks();
2045 __mcheck_cpu_init_timer();
2048 /* Reinit MCEs after user configuration changes */
2049 static void mce_restart(void)
2051 mce_timer_delete_all();
2052 on_each_cpu(mce_cpu_restart, NULL, 1);
2055 /* Toggle features for corrected errors */
2056 static void mce_disable_cmci(void *data)
2058 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2063 static void mce_enable_ce(void *all)
2065 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2070 __mcheck_cpu_init_timer();
2073 static struct bus_type mce_subsys = {
2074 .name = "machinecheck",
2075 .dev_name = "machinecheck",
2078 DEFINE_PER_CPU(struct device *, mce_device);
2080 static inline struct mce_bank *attr_to_bank(struct device_attribute *attr)
2082 return container_of(attr, struct mce_bank, attr);
2085 static ssize_t show_bank(struct device *s, struct device_attribute *attr,
2088 return sprintf(buf, "%llx\n", attr_to_bank(attr)->ctl);
2091 static ssize_t set_bank(struct device *s, struct device_attribute *attr,
2092 const char *buf, size_t size)
2096 if (kstrtou64(buf, 0, &new) < 0)
2099 attr_to_bank(attr)->ctl = new;
2105 static ssize_t set_ignore_ce(struct device *s,
2106 struct device_attribute *attr,
2107 const char *buf, size_t size)
2111 if (kstrtou64(buf, 0, &new) < 0)
2114 mutex_lock(&mce_sysfs_mutex);
2115 if (mca_cfg.ignore_ce ^ !!new) {
2117 /* disable ce features */
2118 mce_timer_delete_all();
2119 on_each_cpu(mce_disable_cmci, NULL, 1);
2120 mca_cfg.ignore_ce = true;
2122 /* enable ce features */
2123 mca_cfg.ignore_ce = false;
2124 on_each_cpu(mce_enable_ce, (void *)1, 1);
2127 mutex_unlock(&mce_sysfs_mutex);
2132 static ssize_t set_cmci_disabled(struct device *s,
2133 struct device_attribute *attr,
2134 const char *buf, size_t size)
2138 if (kstrtou64(buf, 0, &new) < 0)
2141 mutex_lock(&mce_sysfs_mutex);
2142 if (mca_cfg.cmci_disabled ^ !!new) {
2145 on_each_cpu(mce_disable_cmci, NULL, 1);
2146 mca_cfg.cmci_disabled = true;
2149 mca_cfg.cmci_disabled = false;
2150 on_each_cpu(mce_enable_ce, NULL, 1);
2153 mutex_unlock(&mce_sysfs_mutex);
2158 static ssize_t store_int_with_restart(struct device *s,
2159 struct device_attribute *attr,
2160 const char *buf, size_t size)
2162 unsigned long old_check_interval = check_interval;
2163 ssize_t ret = device_store_ulong(s, attr, buf, size);
2165 if (check_interval == old_check_interval)
2168 if (check_interval < 1)
2171 mutex_lock(&mce_sysfs_mutex);
2173 mutex_unlock(&mce_sysfs_mutex);
2178 static DEVICE_INT_ATTR(tolerant, 0644, mca_cfg.tolerant);
2179 static DEVICE_INT_ATTR(monarch_timeout, 0644, mca_cfg.monarch_timeout);
2180 static DEVICE_BOOL_ATTR(dont_log_ce, 0644, mca_cfg.dont_log_ce);
2182 static struct dev_ext_attribute dev_attr_check_interval = {
2183 __ATTR(check_interval, 0644, device_show_int, store_int_with_restart),
2187 static struct dev_ext_attribute dev_attr_ignore_ce = {
2188 __ATTR(ignore_ce, 0644, device_show_bool, set_ignore_ce),
2192 static struct dev_ext_attribute dev_attr_cmci_disabled = {
2193 __ATTR(cmci_disabled, 0644, device_show_bool, set_cmci_disabled),
2194 &mca_cfg.cmci_disabled
2197 static struct device_attribute *mce_device_attrs[] = {
2198 &dev_attr_tolerant.attr,
2199 &dev_attr_check_interval.attr,
2200 #ifdef CONFIG_X86_MCELOG_LEGACY
2203 &dev_attr_monarch_timeout.attr,
2204 &dev_attr_dont_log_ce.attr,
2205 &dev_attr_ignore_ce.attr,
2206 &dev_attr_cmci_disabled.attr,
2210 static cpumask_var_t mce_device_initialized;
2212 static void mce_device_release(struct device *dev)
2217 /* Per cpu device init. All of the cpus still share the same ctrl bank: */
2218 static int mce_device_create(unsigned int cpu)
2224 if (!mce_available(&boot_cpu_data))
2227 dev = per_cpu(mce_device, cpu);
2231 dev = kzalloc(sizeof *dev, GFP_KERNEL);
2235 dev->bus = &mce_subsys;
2236 dev->release = &mce_device_release;
2238 err = device_register(dev);
2244 for (i = 0; mce_device_attrs[i]; i++) {
2245 err = device_create_file(dev, mce_device_attrs[i]);
2249 for (j = 0; j < mca_cfg.banks; j++) {
2250 err = device_create_file(dev, &mce_banks[j].attr);
2254 cpumask_set_cpu(cpu, mce_device_initialized);
2255 per_cpu(mce_device, cpu) = dev;
2260 device_remove_file(dev, &mce_banks[j].attr);
2263 device_remove_file(dev, mce_device_attrs[i]);
2265 device_unregister(dev);
2270 static void mce_device_remove(unsigned int cpu)
2272 struct device *dev = per_cpu(mce_device, cpu);
2275 if (!cpumask_test_cpu(cpu, mce_device_initialized))
2278 for (i = 0; mce_device_attrs[i]; i++)
2279 device_remove_file(dev, mce_device_attrs[i]);
2281 for (i = 0; i < mca_cfg.banks; i++)
2282 device_remove_file(dev, &mce_banks[i].attr);
2284 device_unregister(dev);
2285 cpumask_clear_cpu(cpu, mce_device_initialized);
2286 per_cpu(mce_device, cpu) = NULL;
2289 /* Make sure there are no machine checks on offlined CPUs. */
2290 static void mce_disable_cpu(void)
2292 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2295 if (!cpuhp_tasks_frozen)
2298 vendor_disable_error_reporting();
2301 static void mce_reenable_cpu(void)
2305 if (!mce_available(raw_cpu_ptr(&cpu_info)))
2308 if (!cpuhp_tasks_frozen)
2310 for (i = 0; i < mca_cfg.banks; i++) {
2311 struct mce_bank *b = &mce_banks[i];
2314 wrmsrl(msr_ops.ctl(i), b->ctl);
2318 static int mce_cpu_dead(unsigned int cpu)
2320 mce_intel_hcpu_update(cpu);
2322 /* intentionally ignoring frozen here */
2323 if (!cpuhp_tasks_frozen)
2328 static int mce_cpu_online(unsigned int cpu)
2330 struct timer_list *t = this_cpu_ptr(&mce_timer);
2333 mce_device_create(cpu);
2335 ret = mce_threshold_create_device(cpu);
2337 mce_device_remove(cpu);
2345 static int mce_cpu_pre_down(unsigned int cpu)
2347 struct timer_list *t = this_cpu_ptr(&mce_timer);
2351 mce_threshold_remove_device(cpu);
2352 mce_device_remove(cpu);
2356 static __init void mce_init_banks(void)
2360 for (i = 0; i < mca_cfg.banks; i++) {
2361 struct mce_bank *b = &mce_banks[i];
2362 struct device_attribute *a = &b->attr;
2364 sysfs_attr_init(&a->attr);
2365 a->attr.name = b->attrname;
2366 snprintf(b->attrname, ATTR_LEN, "bank%d", i);
2368 a->attr.mode = 0644;
2369 a->show = show_bank;
2370 a->store = set_bank;
2374 static __init int mcheck_init_device(void)
2379 * Check if we have a spare virtual bit. This will only become
2380 * a problem if/when we move beyond 5-level page tables.
2382 MAYBE_BUILD_BUG_ON(__VIRTUAL_MASK_SHIFT >= 63);
2384 if (!mce_available(&boot_cpu_data)) {
2389 if (!zalloc_cpumask_var(&mce_device_initialized, GFP_KERNEL)) {
2396 err = subsys_system_register(&mce_subsys, NULL);
2400 err = cpuhp_setup_state(CPUHP_X86_MCE_DEAD, "x86/mce:dead", NULL,
2405 err = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/mce:online",
2406 mce_cpu_online, mce_cpu_pre_down);
2408 goto err_out_online;
2410 register_syscore_ops(&mce_syscore_ops);
2415 cpuhp_remove_state(CPUHP_X86_MCE_DEAD);
2418 free_cpumask_var(mce_device_initialized);
2421 pr_err("Unable to init MCE device (rc: %d)\n", err);
2425 device_initcall_sync(mcheck_init_device);
2428 * Old style boot options parsing. Only for compatibility.
2430 static int __init mcheck_disable(char *str)
2432 mca_cfg.disabled = 1;
2435 __setup("nomce", mcheck_disable);
2437 #ifdef CONFIG_DEBUG_FS
2438 struct dentry *mce_get_debugfs_dir(void)
2440 static struct dentry *dmce;
2443 dmce = debugfs_create_dir("mce", NULL);
2448 static void mce_reset(void)
2451 atomic_set(&mce_fake_panicked, 0);
2452 atomic_set(&mce_executing, 0);
2453 atomic_set(&mce_callin, 0);
2454 atomic_set(&global_nwo, 0);
2457 static int fake_panic_get(void *data, u64 *val)
2463 static int fake_panic_set(void *data, u64 val)
2470 DEFINE_SIMPLE_ATTRIBUTE(fake_panic_fops, fake_panic_get,
2471 fake_panic_set, "%llu\n");
2473 static int __init mcheck_debugfs_init(void)
2475 struct dentry *dmce, *ffake_panic;
2477 dmce = mce_get_debugfs_dir();
2480 ffake_panic = debugfs_create_file("fake_panic", 0444, dmce, NULL,
2488 static int __init mcheck_debugfs_init(void) { return -EINVAL; }
2491 DEFINE_STATIC_KEY_FALSE(mcsafe_key);
2492 EXPORT_SYMBOL_GPL(mcsafe_key);
2494 static int __init mcheck_late_init(void)
2496 if (mca_cfg.recovery)
2497 static_branch_inc(&mcsafe_key);
2499 mcheck_debugfs_init();
2503 * Flush out everything that has been logged during early boot, now that
2504 * everything has been initialized (workqueues, decoders, ...).
2506 mce_schedule_work();
2510 late_initcall(mcheck_late_init);
git.samba.org / sfrench / cifs-2.6.git / blob