10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*2181Sayznaga * Common Development and Distribution License (the "License"). 6*2181Sayznaga * You may not use this file except in compliance with the License. 70Sstevel@tonic-gate * 80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 100Sstevel@tonic-gate * See the License for the specific language governing permissions 110Sstevel@tonic-gate * and limitations under the License. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 180Sstevel@tonic-gate * 190Sstevel@tonic-gate * CDDL HEADER END 200Sstevel@tonic-gate */ 210Sstevel@tonic-gate /* 221280Srf157361 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 230Sstevel@tonic-gate * Use is subject to license terms. 240Sstevel@tonic-gate */ 250Sstevel@tonic-gate 260Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 270Sstevel@tonic-gate 280Sstevel@tonic-gate #include <sys/types.h> 290Sstevel@tonic-gate #include <sys/machsystm.h> 300Sstevel@tonic-gate #include <sys/cpuvar.h> 310Sstevel@tonic-gate #include <sys/async.h> 320Sstevel@tonic-gate #include <sys/ontrap.h> 330Sstevel@tonic-gate #include <sys/ddifm.h> 340Sstevel@tonic-gate #include <sys/hypervisor_api.h> 350Sstevel@tonic-gate #include <sys/errorq.h> 360Sstevel@tonic-gate #include <sys/promif.h> 370Sstevel@tonic-gate #include <sys/prom_plat.h> 380Sstevel@tonic-gate #include <sys/x_call.h> 390Sstevel@tonic-gate #include <sys/error.h> 400Sstevel@tonic-gate #include <sys/fm/util.h> 41541Srf157361 #include <sys/ivintr.h> 420Sstevel@tonic-gate 430Sstevel@tonic-gate #define MAX_CE_FLTS 10 440Sstevel@tonic-gate #define MAX_ASYNC_FLTS 6 450Sstevel@tonic-gate 460Sstevel@tonic-gate errorq_t *ue_queue; /* queue of uncorrectable errors */ 470Sstevel@tonic-gate errorq_t *ce_queue; /* queue of correctable errors */ 480Sstevel@tonic-gate 490Sstevel@tonic-gate /* 500Sstevel@tonic-gate * Being used by memory test driver. 510Sstevel@tonic-gate * ce_verbose_memory - covers CEs in DIMMs 520Sstevel@tonic-gate * ce_verbose_other - covers "others" (ecache, IO, etc.) 530Sstevel@tonic-gate * 540Sstevel@tonic-gate * If the value is 0, nothing is logged. 550Sstevel@tonic-gate * If the value is 1, the error is logged to the log file, but not console. 560Sstevel@tonic-gate * If the value is 2, the error is logged to the log file and console. 570Sstevel@tonic-gate */ 580Sstevel@tonic-gate int ce_verbose_memory = 1; 590Sstevel@tonic-gate int ce_verbose_other = 1; 600Sstevel@tonic-gate 610Sstevel@tonic-gate int ce_show_data = 0; 620Sstevel@tonic-gate int ce_debug = 0; 630Sstevel@tonic-gate int ue_debug = 0; 640Sstevel@tonic-gate int reset_debug = 0; 650Sstevel@tonic-gate 660Sstevel@tonic-gate /* 670Sstevel@tonic-gate * Tunables for controlling the handling of asynchronous faults (AFTs). Setting 680Sstevel@tonic-gate * these to non-default values on a non-DEBUG kernel is NOT supported. 690Sstevel@tonic-gate */ 700Sstevel@tonic-gate int aft_verbose = 0; /* log AFT messages > 1 to log only */ 710Sstevel@tonic-gate int aft_panic = 0; /* panic (not reboot) on fatal usermode AFLT */ 720Sstevel@tonic-gate int aft_testfatal = 0; /* force all AFTs to panic immediately */ 730Sstevel@tonic-gate 740Sstevel@tonic-gate /* 75541Srf157361 * Used for vbsc hostshutdown (power-off buton) 76541Srf157361 */ 77541Srf157361 int err_shutdown_triggered = 0; /* only once */ 78541Srf157361 uint_t err_shutdown_inum = 0; /* used to pull the trigger */ 79541Srf157361 80541Srf157361 /* 810Sstevel@tonic-gate * Defined in bus_func.c but initialised in error_init 820Sstevel@tonic-gate */ 830Sstevel@tonic-gate extern kmutex_t bfd_lock; 840Sstevel@tonic-gate 850Sstevel@tonic-gate static uint32_t rq_overflow_count = 0; /* counter for rq overflow */ 860Sstevel@tonic-gate 870Sstevel@tonic-gate static void cpu_queue_one_event(errh_async_flt_t *); 880Sstevel@tonic-gate static uint32_t count_entries_on_queue(uint64_t, uint64_t, uint32_t); 89917Selowe static void errh_page_retire(errh_async_flt_t *, uchar_t); 900Sstevel@tonic-gate static int errh_error_protected(struct regs *, struct async_flt *, int *); 910Sstevel@tonic-gate static void errh_rq_full(struct async_flt *); 920Sstevel@tonic-gate static void ue_drain(void *, struct async_flt *, errorq_elem_t *); 930Sstevel@tonic-gate static void ce_drain(void *, struct async_flt *, errorq_elem_t *); 940Sstevel@tonic-gate 950Sstevel@tonic-gate /*ARGSUSED*/ 960Sstevel@tonic-gate void 970Sstevel@tonic-gate process_resumable_error(struct regs *rp, uint32_t head_offset, 980Sstevel@tonic-gate uint32_t tail_offset) 990Sstevel@tonic-gate { 1000Sstevel@tonic-gate struct machcpu *mcpup; 1010Sstevel@tonic-gate struct async_flt *aflt; 1020Sstevel@tonic-gate errh_async_flt_t errh_flt; 1030Sstevel@tonic-gate errh_er_t *head_va; 1040Sstevel@tonic-gate 1050Sstevel@tonic-gate mcpup = &(CPU->cpu_m); 1060Sstevel@tonic-gate 1070Sstevel@tonic-gate while (head_offset != tail_offset) { 1080Sstevel@tonic-gate /* kernel buffer starts right after the resumable queue */ 1090Sstevel@tonic-gate head_va = (errh_er_t *)(mcpup->cpu_rq_va + head_offset + 1100Sstevel@tonic-gate CPU_RQ_SIZE); 1110Sstevel@tonic-gate /* Copy the error report to local buffer */ 1120Sstevel@tonic-gate bzero(&errh_flt, sizeof (errh_async_flt_t)); 1130Sstevel@tonic-gate bcopy((char *)head_va, &(errh_flt.errh_er), 1140Sstevel@tonic-gate sizeof (errh_er_t)); 1150Sstevel@tonic-gate 1160Sstevel@tonic-gate /* Increment the queue head */ 1170Sstevel@tonic-gate head_offset += Q_ENTRY_SIZE; 1180Sstevel@tonic-gate /* Wrap around */ 1190Sstevel@tonic-gate head_offset &= (CPU_RQ_SIZE - 1); 1200Sstevel@tonic-gate 1210Sstevel@tonic-gate /* set error handle to zero so it can hold new error report */ 1220Sstevel@tonic-gate head_va->ehdl = 0; 1230Sstevel@tonic-gate 1240Sstevel@tonic-gate switch (errh_flt.errh_er.desc) { 1250Sstevel@tonic-gate case ERRH_DESC_UCOR_RE: 1260Sstevel@tonic-gate break; 1270Sstevel@tonic-gate 128541Srf157361 case ERRH_DESC_WARN_RE: 129541Srf157361 /* 130541Srf157361 * Power-off requested, but handle it one time only. 131541Srf157361 */ 132541Srf157361 if (!err_shutdown_triggered) { 133541Srf157361 setsoftint(err_shutdown_inum); 134541Srf157361 ++err_shutdown_triggered; 135541Srf157361 } 136541Srf157361 continue; 137541Srf157361 1380Sstevel@tonic-gate default: 1390Sstevel@tonic-gate cmn_err(CE_WARN, "Error Descriptor 0x%llx " 1400Sstevel@tonic-gate " invalid in resumable error handler", 1410Sstevel@tonic-gate (long long) errh_flt.errh_er.desc); 1420Sstevel@tonic-gate continue; 1430Sstevel@tonic-gate } 1440Sstevel@tonic-gate 1450Sstevel@tonic-gate aflt = (struct async_flt *)&(errh_flt.cmn_asyncflt); 1460Sstevel@tonic-gate aflt->flt_id = gethrtime(); 1470Sstevel@tonic-gate aflt->flt_bus_id = getprocessorid(); 1480Sstevel@tonic-gate aflt->flt_class = CPU_FAULT; 1490Sstevel@tonic-gate aflt->flt_prot = AFLT_PROT_NONE; 1500Sstevel@tonic-gate aflt->flt_priv = (((errh_flt.errh_er.attr & ERRH_MODE_MASK) 1510Sstevel@tonic-gate >> ERRH_MODE_SHIFT) == ERRH_MODE_PRIV); 1520Sstevel@tonic-gate 1530Sstevel@tonic-gate if (errh_flt.errh_er.attr & ERRH_ATTR_CPU) 1540Sstevel@tonic-gate /* If it is an error on other cpu */ 1550Sstevel@tonic-gate aflt->flt_panic = 1; 1560Sstevel@tonic-gate else 1570Sstevel@tonic-gate aflt->flt_panic = 0; 1580Sstevel@tonic-gate 1590Sstevel@tonic-gate /* 1600Sstevel@tonic-gate * Handle resumable queue full case. 1610Sstevel@tonic-gate */ 1620Sstevel@tonic-gate if (errh_flt.errh_er.attr & ERRH_ATTR_RQF) { 1630Sstevel@tonic-gate (void) errh_rq_full(aflt); 1640Sstevel@tonic-gate } 1650Sstevel@tonic-gate 1660Sstevel@tonic-gate /* 1670Sstevel@tonic-gate * Queue the error on ce or ue queue depend on flt_panic. 1680Sstevel@tonic-gate * Even if flt_panic is set, the code still keep processing 1690Sstevel@tonic-gate * the rest element on rq until the panic starts. 1700Sstevel@tonic-gate */ 1710Sstevel@tonic-gate (void) cpu_queue_one_event(&errh_flt); 1720Sstevel@tonic-gate 1730Sstevel@tonic-gate /* 1740Sstevel@tonic-gate * Panic here if aflt->flt_panic has been set. 1750Sstevel@tonic-gate * Enqueued errors will be logged as part of the panic flow. 1760Sstevel@tonic-gate */ 1770Sstevel@tonic-gate if (aflt->flt_panic) { 1780Sstevel@tonic-gate fm_panic("Unrecoverable error on another CPU"); 1790Sstevel@tonic-gate } 1800Sstevel@tonic-gate } 1810Sstevel@tonic-gate } 1820Sstevel@tonic-gate 1830Sstevel@tonic-gate void 1841457Swh94709 process_nonresumable_error(struct regs *rp, uint64_t flags, 1850Sstevel@tonic-gate uint32_t head_offset, uint32_t tail_offset) 1860Sstevel@tonic-gate { 1870Sstevel@tonic-gate struct machcpu *mcpup; 1880Sstevel@tonic-gate struct async_flt *aflt; 1890Sstevel@tonic-gate errh_async_flt_t errh_flt; 1900Sstevel@tonic-gate errh_er_t *head_va; 1910Sstevel@tonic-gate int trampolined = 0; 1920Sstevel@tonic-gate int expected = DDI_FM_ERR_UNEXPECTED; 1930Sstevel@tonic-gate uint64_t exec_mode; 1941457Swh94709 uint8_t u_spill_fill; 1950Sstevel@tonic-gate 1960Sstevel@tonic-gate mcpup = &(CPU->cpu_m); 1970Sstevel@tonic-gate 1980Sstevel@tonic-gate while (head_offset != tail_offset) { 1990Sstevel@tonic-gate /* kernel buffer starts right after the nonresumable queue */ 2000Sstevel@tonic-gate head_va = (errh_er_t *)(mcpup->cpu_nrq_va + head_offset + 2010Sstevel@tonic-gate CPU_NRQ_SIZE); 2020Sstevel@tonic-gate 2030Sstevel@tonic-gate /* Copy the error report to local buffer */ 2040Sstevel@tonic-gate bzero(&errh_flt, sizeof (errh_async_flt_t)); 2050Sstevel@tonic-gate 2060Sstevel@tonic-gate bcopy((char *)head_va, &(errh_flt.errh_er), 2070Sstevel@tonic-gate sizeof (errh_er_t)); 2080Sstevel@tonic-gate 2090Sstevel@tonic-gate /* Increment the queue head */ 2100Sstevel@tonic-gate head_offset += Q_ENTRY_SIZE; 2110Sstevel@tonic-gate /* Wrap around */ 2120Sstevel@tonic-gate head_offset &= (CPU_NRQ_SIZE - 1); 2130Sstevel@tonic-gate 2140Sstevel@tonic-gate /* set error handle to zero so it can hold new error report */ 2150Sstevel@tonic-gate head_va->ehdl = 0; 2160Sstevel@tonic-gate 2170Sstevel@tonic-gate aflt = (struct async_flt *)&(errh_flt.cmn_asyncflt); 2180Sstevel@tonic-gate 2190Sstevel@tonic-gate trampolined = 0; 2200Sstevel@tonic-gate 2210Sstevel@tonic-gate if (errh_flt.errh_er.attr & ERRH_ATTR_PIO) 2220Sstevel@tonic-gate aflt->flt_class = BUS_FAULT; 2230Sstevel@tonic-gate else 2240Sstevel@tonic-gate aflt->flt_class = CPU_FAULT; 2250Sstevel@tonic-gate 2260Sstevel@tonic-gate aflt->flt_id = gethrtime(); 2270Sstevel@tonic-gate aflt->flt_bus_id = getprocessorid(); 2280Sstevel@tonic-gate aflt->flt_pc = (caddr_t)rp->r_pc; 2290Sstevel@tonic-gate exec_mode = (errh_flt.errh_er.attr & ERRH_MODE_MASK) 2300Sstevel@tonic-gate >> ERRH_MODE_SHIFT; 2310Sstevel@tonic-gate aflt->flt_priv = (exec_mode == ERRH_MODE_PRIV || 2320Sstevel@tonic-gate exec_mode == ERRH_MODE_UNKNOWN); 2330Sstevel@tonic-gate aflt->flt_prot = AFLT_PROT_NONE; 2341457Swh94709 aflt->flt_tl = (uchar_t)(flags & ERRH_TL_MASK); 2350Sstevel@tonic-gate aflt->flt_panic = ((aflt->flt_tl != 0) || 2360Sstevel@tonic-gate (aft_testfatal != 0)); 2370Sstevel@tonic-gate 2381457Swh94709 /* 2391457Swh94709 * For the first error packet on the queue, check if it 2401457Swh94709 * happened in user fill/spill trap. 2411457Swh94709 */ 2421457Swh94709 if (flags & ERRH_U_SPILL_FILL) { 2431457Swh94709 u_spill_fill = 1; 2441457Swh94709 /* clear the user fill/spill flag in flags */ 2451457Swh94709 flags = (uint64_t)aflt->flt_tl; 2461457Swh94709 } else 2471457Swh94709 u_spill_fill = 0; 2481457Swh94709 2490Sstevel@tonic-gate switch (errh_flt.errh_er.desc) { 2500Sstevel@tonic-gate case ERRH_DESC_PR_NRE: 2511457Swh94709 if (u_spill_fill) { 2521457Swh94709 aflt->flt_panic = 0; 2531457Swh94709 break; 2541457Swh94709 } 2550Sstevel@tonic-gate /* 2560Sstevel@tonic-gate * Fall through, precise fault also need to check 2570Sstevel@tonic-gate * to see if it was protected. 2580Sstevel@tonic-gate */ 2591457Swh94709 /*FALLTHRU*/ 2600Sstevel@tonic-gate 2610Sstevel@tonic-gate case ERRH_DESC_DEF_NRE: 2620Sstevel@tonic-gate /* 2630Sstevel@tonic-gate * If the trap occurred in privileged mode at TL=0, 2640Sstevel@tonic-gate * we need to check to see if we were executing 2650Sstevel@tonic-gate * in kernel under on_trap() or t_lofault 2661280Srf157361 * protection. If so, and if it was a PIO or MEM 2671280Srf157361 * error, then modify the saved registers so that 2681280Srf157361 * we return from the trap to the appropriate 2691280Srf157361 * trampoline routine. 2700Sstevel@tonic-gate */ 2711280Srf157361 if (aflt->flt_priv == 1 && aflt->flt_tl == 0 && 2721280Srf157361 ((errh_flt.errh_er.attr & ERRH_ATTR_PIO) || 2731280Srf157361 (errh_flt.errh_er.attr & ERRH_ATTR_MEM))) { 2740Sstevel@tonic-gate trampolined = 2750Sstevel@tonic-gate errh_error_protected(rp, aflt, &expected); 2761280Srf157361 } 2770Sstevel@tonic-gate 2780Sstevel@tonic-gate if (!aflt->flt_priv || aflt->flt_prot == 2790Sstevel@tonic-gate AFLT_PROT_COPY) { 2800Sstevel@tonic-gate aflt->flt_panic |= aft_panic; 2810Sstevel@tonic-gate } else if (!trampolined && 2821280Srf157361 (errh_flt.errh_er.attr & ERRH_ATTR_MEM)) { 2830Sstevel@tonic-gate aflt->flt_panic = 1; 2840Sstevel@tonic-gate } 2850Sstevel@tonic-gate 2860Sstevel@tonic-gate /* 2870Sstevel@tonic-gate * If PIO error, we need to query the bus nexus 2880Sstevel@tonic-gate * for fatal errors. 2890Sstevel@tonic-gate */ 2900Sstevel@tonic-gate if (aflt->flt_class == BUS_FAULT) { 2910Sstevel@tonic-gate aflt->flt_addr = errh_flt.errh_er.ra; 2920Sstevel@tonic-gate errh_cpu_run_bus_error_handlers(aflt, 2930Sstevel@tonic-gate expected); 2940Sstevel@tonic-gate } 2950Sstevel@tonic-gate 2960Sstevel@tonic-gate break; 2970Sstevel@tonic-gate 2980Sstevel@tonic-gate default: 2990Sstevel@tonic-gate cmn_err(CE_WARN, "Error Descriptor 0x%llx " 3000Sstevel@tonic-gate " invalid in nonresumable error handler", 3010Sstevel@tonic-gate (long long) errh_flt.errh_er.desc); 3020Sstevel@tonic-gate continue; 3030Sstevel@tonic-gate } 3040Sstevel@tonic-gate 3050Sstevel@tonic-gate /* 3060Sstevel@tonic-gate * Queue the error report for further processing. If 3070Sstevel@tonic-gate * flt_panic is set, code still process other errors 3080Sstevel@tonic-gate * in the queue until the panic routine stops the 3090Sstevel@tonic-gate * kernel. 3100Sstevel@tonic-gate */ 3110Sstevel@tonic-gate (void) cpu_queue_one_event(&errh_flt); 3120Sstevel@tonic-gate 3130Sstevel@tonic-gate /* 3140Sstevel@tonic-gate * Panic here if aflt->flt_panic has been set. 3150Sstevel@tonic-gate * Enqueued errors will be logged as part of the panic flow. 3160Sstevel@tonic-gate */ 3170Sstevel@tonic-gate if (aflt->flt_panic) { 3180Sstevel@tonic-gate fm_panic("Unrecoverable hardware error"); 3190Sstevel@tonic-gate } 3200Sstevel@tonic-gate 3210Sstevel@tonic-gate /* 322917Selowe * Call page_retire() to handle memory errors. 3230Sstevel@tonic-gate */ 3240Sstevel@tonic-gate if (errh_flt.errh_er.attr & ERRH_ATTR_MEM) 325917Selowe errh_page_retire(&errh_flt, PR_UE); 3260Sstevel@tonic-gate 3270Sstevel@tonic-gate /* 3281457Swh94709 * If we queued an error and the it was in user mode, or 3291457Swh94709 * protected by t_lofault, or user_spill_fill is set, we 3300Sstevel@tonic-gate * set AST flag so the queue will be drained before 3310Sstevel@tonic-gate * returning to user mode. 3320Sstevel@tonic-gate */ 3331457Swh94709 if (!aflt->flt_priv || aflt->flt_prot == AFLT_PROT_COPY || 3341457Swh94709 u_spill_fill) { 3350Sstevel@tonic-gate int pcb_flag = 0; 3360Sstevel@tonic-gate 3370Sstevel@tonic-gate if (aflt->flt_class == CPU_FAULT) 3380Sstevel@tonic-gate pcb_flag |= ASYNC_HWERR; 3390Sstevel@tonic-gate else if (aflt->flt_class == BUS_FAULT) 3400Sstevel@tonic-gate pcb_flag |= ASYNC_BERR; 3410Sstevel@tonic-gate 3420Sstevel@tonic-gate ttolwp(curthread)->lwp_pcb.pcb_flags |= pcb_flag; 3430Sstevel@tonic-gate aston(curthread); 3440Sstevel@tonic-gate } 3450Sstevel@tonic-gate } 3460Sstevel@tonic-gate } 3470Sstevel@tonic-gate 3480Sstevel@tonic-gate /* 3490Sstevel@tonic-gate * For PIO errors, this routine calls nexus driver's error 3500Sstevel@tonic-gate * callback routines. If the callback routine returns fatal, and 3510Sstevel@tonic-gate * we are in kernel or unknow mode without any error protection, 3520Sstevel@tonic-gate * we need to turn on the panic flag. 3530Sstevel@tonic-gate */ 3540Sstevel@tonic-gate void 3550Sstevel@tonic-gate errh_cpu_run_bus_error_handlers(struct async_flt *aflt, int expected) 3560Sstevel@tonic-gate { 3570Sstevel@tonic-gate int status; 3580Sstevel@tonic-gate ddi_fm_error_t de; 3590Sstevel@tonic-gate 3600Sstevel@tonic-gate bzero(&de, sizeof (ddi_fm_error_t)); 3610Sstevel@tonic-gate 3620Sstevel@tonic-gate de.fme_version = DDI_FME_VERSION; 3630Sstevel@tonic-gate de.fme_ena = fm_ena_generate(aflt->flt_id, FM_ENA_FMT1); 3640Sstevel@tonic-gate de.fme_flag = expected; 3650Sstevel@tonic-gate de.fme_bus_specific = (void *)aflt->flt_addr; 3660Sstevel@tonic-gate status = ndi_fm_handler_dispatch(ddi_root_node(), NULL, &de); 3670Sstevel@tonic-gate 3680Sstevel@tonic-gate /* 3690Sstevel@tonic-gate * If error is protected, it will jump to proper routine 3700Sstevel@tonic-gate * to handle the handle; if it is in user level, we just 3710Sstevel@tonic-gate * kill the user process; if the driver thinks the error is 3720Sstevel@tonic-gate * not fatal, we can drive on. If none of above are true, 3730Sstevel@tonic-gate * we panic 3740Sstevel@tonic-gate */ 3750Sstevel@tonic-gate if ((aflt->flt_prot == AFLT_PROT_NONE) && (aflt->flt_priv == 1) && 3760Sstevel@tonic-gate (status == DDI_FM_FATAL)) 3770Sstevel@tonic-gate aflt->flt_panic = 1; 3780Sstevel@tonic-gate } 3790Sstevel@tonic-gate 3800Sstevel@tonic-gate /* 3810Sstevel@tonic-gate * This routine checks to see if we are under any error protection when 3820Sstevel@tonic-gate * the error happens. If we are under error protection, we unwind to 3830Sstevel@tonic-gate * the protection and indicate fault. 3840Sstevel@tonic-gate */ 3850Sstevel@tonic-gate static int 3860Sstevel@tonic-gate errh_error_protected(struct regs *rp, struct async_flt *aflt, int *expected) 3870Sstevel@tonic-gate { 3880Sstevel@tonic-gate int trampolined = 0; 3890Sstevel@tonic-gate ddi_acc_hdl_t *hp; 3900Sstevel@tonic-gate 3910Sstevel@tonic-gate if (curthread->t_ontrap != NULL) { 3920Sstevel@tonic-gate on_trap_data_t *otp = curthread->t_ontrap; 3930Sstevel@tonic-gate 3940Sstevel@tonic-gate if (otp->ot_prot & OT_DATA_EC) { 3950Sstevel@tonic-gate aflt->flt_prot = AFLT_PROT_EC; 3960Sstevel@tonic-gate otp->ot_trap |= OT_DATA_EC; 3970Sstevel@tonic-gate rp->r_pc = otp->ot_trampoline; 3980Sstevel@tonic-gate rp->r_npc = rp->r_pc +4; 3990Sstevel@tonic-gate trampolined = 1; 4000Sstevel@tonic-gate } 4010Sstevel@tonic-gate 4020Sstevel@tonic-gate if (otp->ot_prot & OT_DATA_ACCESS) { 4030Sstevel@tonic-gate aflt->flt_prot = AFLT_PROT_ACCESS; 4040Sstevel@tonic-gate otp->ot_trap |= OT_DATA_ACCESS; 4050Sstevel@tonic-gate rp->r_pc = otp->ot_trampoline; 4060Sstevel@tonic-gate rp->r_npc = rp->r_pc + 4; 4070Sstevel@tonic-gate trampolined = 1; 4080Sstevel@tonic-gate /* 4090Sstevel@tonic-gate * for peek and caut_gets 4100Sstevel@tonic-gate * errors are expected 4110Sstevel@tonic-gate */ 4120Sstevel@tonic-gate hp = (ddi_acc_hdl_t *)otp->ot_handle; 4130Sstevel@tonic-gate if (!hp) 4140Sstevel@tonic-gate *expected = DDI_FM_ERR_PEEK; 4150Sstevel@tonic-gate else if (hp->ah_acc.devacc_attr_access == 4160Sstevel@tonic-gate DDI_CAUTIOUS_ACC) 4170Sstevel@tonic-gate *expected = DDI_FM_ERR_EXPECTED; 4180Sstevel@tonic-gate } 4190Sstevel@tonic-gate } else if (curthread->t_lofault) { 4200Sstevel@tonic-gate aflt->flt_prot = AFLT_PROT_COPY; 4210Sstevel@tonic-gate rp->r_g1 = EFAULT; 4220Sstevel@tonic-gate rp->r_pc = curthread->t_lofault; 4230Sstevel@tonic-gate rp->r_npc = rp->r_pc + 4; 4240Sstevel@tonic-gate trampolined = 1; 4250Sstevel@tonic-gate } 4260Sstevel@tonic-gate 4270Sstevel@tonic-gate return (trampolined); 4280Sstevel@tonic-gate } 4290Sstevel@tonic-gate 4300Sstevel@tonic-gate /* 4310Sstevel@tonic-gate * Queue one event. 4320Sstevel@tonic-gate */ 4330Sstevel@tonic-gate static void 4340Sstevel@tonic-gate cpu_queue_one_event(errh_async_flt_t *errh_fltp) 4350Sstevel@tonic-gate { 4360Sstevel@tonic-gate struct async_flt *aflt = (struct async_flt *)errh_fltp; 4370Sstevel@tonic-gate errorq_t *eqp; 4380Sstevel@tonic-gate 4390Sstevel@tonic-gate if (aflt->flt_panic) 4400Sstevel@tonic-gate eqp = ue_queue; 4410Sstevel@tonic-gate else 4420Sstevel@tonic-gate eqp = ce_queue; 4430Sstevel@tonic-gate 4440Sstevel@tonic-gate errorq_dispatch(eqp, errh_fltp, sizeof (errh_async_flt_t), 4450Sstevel@tonic-gate aflt->flt_panic); 4460Sstevel@tonic-gate } 4470Sstevel@tonic-gate 4480Sstevel@tonic-gate /* 4490Sstevel@tonic-gate * The cpu_async_log_err() function is called by the ce/ue_drain() function to 4500Sstevel@tonic-gate * handle logging for CPU events that are dequeued. As such, it can be invoked 4510Sstevel@tonic-gate * from softint context, from AST processing in the trap() flow, or from the 4520Sstevel@tonic-gate * panic flow. We decode the CPU-specific data, and log appropriate messages. 4530Sstevel@tonic-gate */ 4540Sstevel@tonic-gate void 4550Sstevel@tonic-gate cpu_async_log_err(void *flt) 4560Sstevel@tonic-gate { 4570Sstevel@tonic-gate errh_async_flt_t *errh_fltp = (errh_async_flt_t *)flt; 4580Sstevel@tonic-gate errh_er_t *errh_erp = (errh_er_t *)&errh_fltp->errh_er; 4590Sstevel@tonic-gate 4600Sstevel@tonic-gate switch (errh_erp->desc) { 4610Sstevel@tonic-gate case ERRH_DESC_UCOR_RE: 4620Sstevel@tonic-gate if (errh_erp->attr & ERRH_ATTR_MEM) { 4630Sstevel@tonic-gate /* 464917Selowe * Turn on the PR_UE flag. The page will be 4650Sstevel@tonic-gate * scrubbed when it is freed. 4660Sstevel@tonic-gate */ 467917Selowe errh_page_retire(errh_fltp, PR_UE); 4680Sstevel@tonic-gate } 4690Sstevel@tonic-gate 4700Sstevel@tonic-gate break; 4710Sstevel@tonic-gate 4720Sstevel@tonic-gate case ERRH_DESC_PR_NRE: 4730Sstevel@tonic-gate case ERRH_DESC_DEF_NRE: 4740Sstevel@tonic-gate if (errh_erp->attr & ERRH_ATTR_MEM) { 4750Sstevel@tonic-gate /* 4760Sstevel@tonic-gate * For non-resumable memory error, retire 4770Sstevel@tonic-gate * the page here. 4780Sstevel@tonic-gate */ 479917Selowe errh_page_retire(errh_fltp, PR_UE); 480639Swh94709 481639Swh94709 /* 482639Swh94709 * If we are going to panic, scrub the page first 483639Swh94709 */ 484639Swh94709 if (errh_fltp->cmn_asyncflt.flt_panic) 485639Swh94709 mem_scrub(errh_fltp->errh_er.ra, 486639Swh94709 errh_fltp->errh_er.sz); 4870Sstevel@tonic-gate } 4880Sstevel@tonic-gate break; 4890Sstevel@tonic-gate 4900Sstevel@tonic-gate default: 4910Sstevel@tonic-gate break; 4920Sstevel@tonic-gate } 4930Sstevel@tonic-gate } 4940Sstevel@tonic-gate 4950Sstevel@tonic-gate /* 4960Sstevel@tonic-gate * Called from ce_drain(). 4970Sstevel@tonic-gate */ 4980Sstevel@tonic-gate void 4990Sstevel@tonic-gate cpu_ce_log_err(struct async_flt *aflt) 5000Sstevel@tonic-gate { 5010Sstevel@tonic-gate switch (aflt->flt_class) { 5020Sstevel@tonic-gate case CPU_FAULT: 5030Sstevel@tonic-gate cpu_async_log_err(aflt); 5040Sstevel@tonic-gate break; 5050Sstevel@tonic-gate 5060Sstevel@tonic-gate case BUS_FAULT: 5070Sstevel@tonic-gate cpu_async_log_err(aflt); 5080Sstevel@tonic-gate break; 5090Sstevel@tonic-gate 5100Sstevel@tonic-gate default: 5110Sstevel@tonic-gate break; 5120Sstevel@tonic-gate } 5130Sstevel@tonic-gate } 5140Sstevel@tonic-gate 5150Sstevel@tonic-gate /* 5160Sstevel@tonic-gate * Called from ue_drain(). 5170Sstevel@tonic-gate */ 5180Sstevel@tonic-gate void 5190Sstevel@tonic-gate cpu_ue_log_err(struct async_flt *aflt) 5200Sstevel@tonic-gate { 5210Sstevel@tonic-gate switch (aflt->flt_class) { 5220Sstevel@tonic-gate case CPU_FAULT: 5230Sstevel@tonic-gate cpu_async_log_err(aflt); 5240Sstevel@tonic-gate break; 5250Sstevel@tonic-gate 5260Sstevel@tonic-gate case BUS_FAULT: 5270Sstevel@tonic-gate cpu_async_log_err(aflt); 5280Sstevel@tonic-gate break; 5290Sstevel@tonic-gate 5300Sstevel@tonic-gate default: 5310Sstevel@tonic-gate break; 5320Sstevel@tonic-gate } 5330Sstevel@tonic-gate } 5340Sstevel@tonic-gate 5350Sstevel@tonic-gate /* 5360Sstevel@tonic-gate * Turn on flag on the error memory region. 5370Sstevel@tonic-gate */ 5380Sstevel@tonic-gate static void 539917Selowe errh_page_retire(errh_async_flt_t *errh_fltp, uchar_t flag) 5400Sstevel@tonic-gate { 5410Sstevel@tonic-gate uint64_t flt_real_addr_start = errh_fltp->errh_er.ra; 5420Sstevel@tonic-gate uint64_t flt_real_addr_end = flt_real_addr_start + 5430Sstevel@tonic-gate errh_fltp->errh_er.sz - 1; 5440Sstevel@tonic-gate int64_t current_addr; 5450Sstevel@tonic-gate 5460Sstevel@tonic-gate if (errh_fltp->errh_er.sz == 0) 5470Sstevel@tonic-gate return; 5480Sstevel@tonic-gate 5490Sstevel@tonic-gate for (current_addr = flt_real_addr_start; 5500Sstevel@tonic-gate current_addr < flt_real_addr_end; current_addr += MMU_PAGESIZE) { 551917Selowe (void) page_retire(current_addr, flag); 5520Sstevel@tonic-gate } 5530Sstevel@tonic-gate } 5540Sstevel@tonic-gate 5550Sstevel@tonic-gate void 5560Sstevel@tonic-gate mem_scrub(uint64_t paddr, uint64_t len) 5570Sstevel@tonic-gate { 5580Sstevel@tonic-gate uint64_t pa, length, scrubbed_len; 5590Sstevel@tonic-gate 5600Sstevel@tonic-gate pa = paddr; 5610Sstevel@tonic-gate length = len; 5620Sstevel@tonic-gate scrubbed_len = 0; 5630Sstevel@tonic-gate 564639Swh94709 while (length > 0) { 565639Swh94709 if (hv_mem_scrub(pa, length, &scrubbed_len) != H_EOK) 5660Sstevel@tonic-gate break; 5670Sstevel@tonic-gate 5680Sstevel@tonic-gate pa += scrubbed_len; 5690Sstevel@tonic-gate length -= scrubbed_len; 5700Sstevel@tonic-gate } 5710Sstevel@tonic-gate } 5720Sstevel@tonic-gate 5731457Swh94709 /* 5741457Swh94709 * Call hypervisor to flush the memory region. The memory region 5751457Swh94709 * must be within the same page frame. 5761457Swh94709 */ 5770Sstevel@tonic-gate void 5780Sstevel@tonic-gate mem_sync(caddr_t va, size_t len) 5790Sstevel@tonic-gate { 5800Sstevel@tonic-gate uint64_t pa, length, flushed; 5810Sstevel@tonic-gate 5820Sstevel@tonic-gate pa = va_to_pa((caddr_t)va); 5830Sstevel@tonic-gate 5840Sstevel@tonic-gate if (pa == (uint64_t)-1) 5850Sstevel@tonic-gate return; 5860Sstevel@tonic-gate 587*2181Sayznaga ASSERT((pa >> MMU_PAGESHIFT) == ((pa + len - 1) >> MMU_PAGESHIFT)); 5881457Swh94709 5890Sstevel@tonic-gate length = len; 5900Sstevel@tonic-gate flushed = 0; 5910Sstevel@tonic-gate 592639Swh94709 while (length > 0) { 593639Swh94709 if (hv_mem_sync(pa, length, &flushed) != H_EOK) 5940Sstevel@tonic-gate break; 5950Sstevel@tonic-gate 5960Sstevel@tonic-gate pa += flushed; 5970Sstevel@tonic-gate length -= flushed; 5980Sstevel@tonic-gate } 5990Sstevel@tonic-gate } 6000Sstevel@tonic-gate 6010Sstevel@tonic-gate /* 6020Sstevel@tonic-gate * If resumable queue is full, we need to check if any cpu is in 6030Sstevel@tonic-gate * error state. If not, we drive on. If yes, we need to panic. The 6040Sstevel@tonic-gate * hypervisor call hv_cpu_state() is being used for checking the 6050Sstevel@tonic-gate * cpu state. 6060Sstevel@tonic-gate */ 6070Sstevel@tonic-gate static void 6080Sstevel@tonic-gate errh_rq_full(struct async_flt *afltp) 6090Sstevel@tonic-gate { 6100Sstevel@tonic-gate processorid_t who; 6110Sstevel@tonic-gate uint64_t cpu_state; 6120Sstevel@tonic-gate uint64_t retval; 6130Sstevel@tonic-gate 6140Sstevel@tonic-gate for (who = 0; who < NCPU; who++) 6150Sstevel@tonic-gate if (CPU_IN_SET(cpu_ready_set, who)) { 6160Sstevel@tonic-gate retval = hv_cpu_state(who, &cpu_state); 6170Sstevel@tonic-gate if (retval != H_EOK || cpu_state == CPU_STATE_ERROR) { 6180Sstevel@tonic-gate afltp->flt_panic = 1; 6190Sstevel@tonic-gate break; 6200Sstevel@tonic-gate } 6210Sstevel@tonic-gate } 6220Sstevel@tonic-gate } 6230Sstevel@tonic-gate 6240Sstevel@tonic-gate /* 6250Sstevel@tonic-gate * Return processor specific async error structure 6260Sstevel@tonic-gate * size used. 6270Sstevel@tonic-gate */ 6280Sstevel@tonic-gate int 6290Sstevel@tonic-gate cpu_aflt_size(void) 6300Sstevel@tonic-gate { 6310Sstevel@tonic-gate return (sizeof (errh_async_flt_t)); 6320Sstevel@tonic-gate } 6330Sstevel@tonic-gate 6340Sstevel@tonic-gate #define SZ_TO_ETRS_SHIFT 6 6350Sstevel@tonic-gate 6360Sstevel@tonic-gate /* 6370Sstevel@tonic-gate * Message print out when resumable queue is overflown 6380Sstevel@tonic-gate */ 6390Sstevel@tonic-gate /*ARGSUSED*/ 6400Sstevel@tonic-gate void 6410Sstevel@tonic-gate rq_overflow(struct regs *rp, uint64_t head_offset, 6420Sstevel@tonic-gate uint64_t tail_offset) 6430Sstevel@tonic-gate { 6440Sstevel@tonic-gate rq_overflow_count++; 6450Sstevel@tonic-gate } 6460Sstevel@tonic-gate 6470Sstevel@tonic-gate /* 6480Sstevel@tonic-gate * Handler to process a fatal error. This routine can be called from a 6490Sstevel@tonic-gate * softint, called from trap()'s AST handling, or called from the panic flow. 6500Sstevel@tonic-gate */ 6510Sstevel@tonic-gate /*ARGSUSED*/ 6520Sstevel@tonic-gate static void 6530Sstevel@tonic-gate ue_drain(void *ignored, struct async_flt *aflt, errorq_elem_t *eqep) 6540Sstevel@tonic-gate { 6550Sstevel@tonic-gate cpu_ue_log_err(aflt); 6560Sstevel@tonic-gate } 6570Sstevel@tonic-gate 6580Sstevel@tonic-gate /* 6590Sstevel@tonic-gate * Handler to process a correctable error. This routine can be called from a 6600Sstevel@tonic-gate * softint. We just call the CPU module's logging routine. 6610Sstevel@tonic-gate */ 6620Sstevel@tonic-gate /*ARGSUSED*/ 6630Sstevel@tonic-gate static void 6640Sstevel@tonic-gate ce_drain(void *ignored, struct async_flt *aflt, errorq_elem_t *eqep) 6650Sstevel@tonic-gate { 6660Sstevel@tonic-gate cpu_ce_log_err(aflt); 6670Sstevel@tonic-gate } 6680Sstevel@tonic-gate 6690Sstevel@tonic-gate /* 670541Srf157361 * Handler to process vbsc hostshutdown (power-off button). 671541Srf157361 */ 672541Srf157361 static int 673541Srf157361 err_shutdown_softintr() 674541Srf157361 { 675541Srf157361 cmn_err(CE_WARN, "Power-off requested, system will now shutdown."); 676541Srf157361 do_shutdown(); 677541Srf157361 678541Srf157361 /* 679541Srf157361 * just in case do_shutdown() fails 680541Srf157361 */ 681541Srf157361 (void) timeout((void(*)(void *))power_down, NULL, 100 * hz); 682541Srf157361 return (DDI_INTR_CLAIMED); 683541Srf157361 } 684541Srf157361 685541Srf157361 /* 6860Sstevel@tonic-gate * Allocate error queue sizes based on max_ncpus. max_ncpus is set just 6870Sstevel@tonic-gate * after ncpunode has been determined. ncpus is set in start_other_cpus 6880Sstevel@tonic-gate * which is called after error_init() but may change dynamically. 6890Sstevel@tonic-gate */ 6900Sstevel@tonic-gate void 6910Sstevel@tonic-gate error_init(void) 6920Sstevel@tonic-gate { 6930Sstevel@tonic-gate char tmp_name[MAXSYSNAME]; 694789Sahrens pnode_t node; 6950Sstevel@tonic-gate size_t size = cpu_aflt_size(); 6960Sstevel@tonic-gate 6970Sstevel@tonic-gate /* 6980Sstevel@tonic-gate * Initialize the correctable and uncorrectable error queues. 6990Sstevel@tonic-gate */ 7000Sstevel@tonic-gate ue_queue = errorq_create("ue_queue", (errorq_func_t)ue_drain, NULL, 7010Sstevel@tonic-gate MAX_ASYNC_FLTS * (max_ncpus + 1), size, PIL_2, ERRORQ_VITAL); 7020Sstevel@tonic-gate 7030Sstevel@tonic-gate ce_queue = errorq_create("ce_queue", (errorq_func_t)ce_drain, NULL, 7040Sstevel@tonic-gate MAX_CE_FLTS * (max_ncpus + 1), size, PIL_1, 0); 7050Sstevel@tonic-gate 7060Sstevel@tonic-gate if (ue_queue == NULL || ce_queue == NULL) 7070Sstevel@tonic-gate panic("failed to create required system error queue"); 7080Sstevel@tonic-gate 7090Sstevel@tonic-gate /* 710541Srf157361 * Setup interrupt handler for power-off button. 711541Srf157361 */ 712541Srf157361 err_shutdown_inum = add_softintr(PIL_9, 713541Srf157361 (softintrfunc)err_shutdown_softintr, NULL); 714541Srf157361 715541Srf157361 /* 7160Sstevel@tonic-gate * Initialize the busfunc list mutex. This must be a PIL_15 spin lock 7170Sstevel@tonic-gate * because we will need to acquire it from cpu_async_error(). 7180Sstevel@tonic-gate */ 7190Sstevel@tonic-gate mutex_init(&bfd_lock, NULL, MUTEX_SPIN, (void *)PIL_15); 7200Sstevel@tonic-gate 7210Sstevel@tonic-gate node = prom_rootnode(); 7220Sstevel@tonic-gate if ((node == OBP_NONODE) || (node == OBP_BADNODE)) { 7230Sstevel@tonic-gate cmn_err(CE_CONT, "error_init: node 0x%x\n", (uint_t)node); 7240Sstevel@tonic-gate return; 7250Sstevel@tonic-gate } 7260Sstevel@tonic-gate 7270Sstevel@tonic-gate if (((size = prom_getproplen(node, "reset-reason")) != -1) && 7280Sstevel@tonic-gate (size <= MAXSYSNAME) && 7290Sstevel@tonic-gate (prom_getprop(node, "reset-reason", tmp_name) != -1)) { 7300Sstevel@tonic-gate if (reset_debug) { 7310Sstevel@tonic-gate cmn_err(CE_CONT, "System booting after %s\n", tmp_name); 7320Sstevel@tonic-gate } else if (strncmp(tmp_name, "FATAL", 5) == 0) { 7330Sstevel@tonic-gate cmn_err(CE_CONT, 7340Sstevel@tonic-gate "System booting after fatal error %s\n", tmp_name); 7350Sstevel@tonic-gate } 7360Sstevel@tonic-gate } 7370Sstevel@tonic-gate } 738817Swh94709 739817Swh94709 /* 740817Swh94709 * Nonresumable queue is full, panic here 741817Swh94709 */ 742817Swh94709 /*ARGSUSED*/ 743817Swh94709 void 744817Swh94709 nrq_overflow(struct regs *rp) 745817Swh94709 { 746817Swh94709 fm_panic("Nonresumable queue full"); 747817Swh94709 } 748