1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * MCE grading rules.
4 * Copyright 2008, 2009 Intel Corporation.
5 *
6 * Author: Andi Kleen
7 */
8 #include <linux/kernel.h>
9 #include <linux/seq_file.h>
10 #include <linux/init.h>
11 #include <linux/debugfs.h>
12 #include <linux/uaccess.h>
13
14 #include <asm/mce.h>
15 #include <asm/intel-family.h>
16 #include <asm/traps.h>
17 #include <asm/insn.h>
18 #include <asm/insn-eval.h>
19
20 #include "internal.h"
21
22 /*
23 * Grade an mce by severity. In general the most severe ones are processed
24 * first. Since there are quite a lot of combinations test the bits in a
25 * table-driven way. The rules are simply processed in order, first
26 * match wins.
27 *
28 * Note this is only used for machine check exceptions, the corrected
29 * errors use much simpler rules. The exceptions still check for the corrected
30 * errors, but only to leave them alone for the CMCI handler (except for
31 * panic situations)
32 */
33
34 enum context { IN_KERNEL = 1, IN_USER = 2, IN_KERNEL_RECOV = 3 };
35 enum ser { SER_REQUIRED = 1, NO_SER = 2 };
36 enum exception { EXCP_CONTEXT = 1, NO_EXCP = 2 };
37
38 static struct severity {
39 u64 mask;
40 u64 result;
41 unsigned char sev;
42 unsigned char mcgmask;
43 unsigned char mcgres;
44 unsigned char ser;
45 unsigned char context;
46 unsigned char excp;
47 unsigned char covered;
48 unsigned char cpu_model;
49 unsigned char cpu_minstepping;
50 unsigned char bank_lo, bank_hi;
51 char *msg;
52 } severities[] = {
53 #define MCESEV(s, m, c...) { .sev = MCE_ ## s ## _SEVERITY, .msg = m, ## c }
54 #define BANK_RANGE(l, h) .bank_lo = l, .bank_hi = h
55 #define MODEL_STEPPING(m, s) .cpu_model = m, .cpu_minstepping = s
56 #define KERNEL .context = IN_KERNEL
57 #define USER .context = IN_USER
58 #define KERNEL_RECOV .context = IN_KERNEL_RECOV
59 #define SER .ser = SER_REQUIRED
60 #define NOSER .ser = NO_SER
61 #define EXCP .excp = EXCP_CONTEXT
62 #define NOEXCP .excp = NO_EXCP
63 #define BITCLR(x) .mask = x, .result = 0
64 #define BITSET(x) .mask = x, .result = x
65 #define MCGMASK(x, y) .mcgmask = x, .mcgres = y
66 #define MASK(x, y) .mask = x, .result = y
67 #define MCI_UC_S (MCI_STATUS_UC|MCI_STATUS_S)
68 #define MCI_UC_AR (MCI_STATUS_UC|MCI_STATUS_AR)
69 #define MCI_UC_SAR (MCI_STATUS_UC|MCI_STATUS_S|MCI_STATUS_AR)
70 #define MCI_ADDR (MCI_STATUS_ADDRV|MCI_STATUS_MISCV)
71
72 MCESEV(
73 NO, "Invalid",
74 BITCLR(MCI_STATUS_VAL)
75 ),
76 MCESEV(
77 NO, "Not enabled",
78 EXCP, BITCLR(MCI_STATUS_EN)
79 ),
80 MCESEV(
81 PANIC, "Processor context corrupt",
82 BITSET(MCI_STATUS_PCC)
83 ),
84 /* When MCIP is not set something is very confused */
85 MCESEV(
86 PANIC, "MCIP not set in MCA handler",
87 EXCP, MCGMASK(MCG_STATUS_MCIP, 0)
88 ),
89 /* Neither return not error IP -- no chance to recover -> PANIC */
90 MCESEV(
91 PANIC, "Neither restart nor error IP",
92 EXCP, MCGMASK(MCG_STATUS_RIPV|MCG_STATUS_EIPV, 0)
93 ),
94 MCESEV(
95 PANIC, "In kernel and no restart IP",
96 EXCP, KERNEL, MCGMASK(MCG_STATUS_RIPV, 0)
97 ),
98 MCESEV(
99 PANIC, "In kernel and no restart IP",
100 EXCP, KERNEL_RECOV, MCGMASK(MCG_STATUS_RIPV, 0)
101 ),
102 MCESEV(
103 KEEP, "Corrected error",
104 NOSER, BITCLR(MCI_STATUS_UC)
105 ),
106 /*
107 * known AO MCACODs reported via MCE or CMC:
108 *
109 * SRAO could be signaled either via a machine check exception or
110 * CMCI with the corresponding bit S 1 or 0. So we don't need to
111 * check bit S for SRAO.
112 */
113 MCESEV(
114 AO, "Action optional: memory scrubbing error",
115 SER, MASK(MCI_UC_AR|MCACOD_SCRUBMSK, MCI_STATUS_UC|MCACOD_SCRUB)
116 ),
117 MCESEV(
118 AO, "Action optional: last level cache writeback error",
119 SER, MASK(MCI_UC_AR|MCACOD, MCI_STATUS_UC|MCACOD_L3WB)
120 ),
121 /*
122 * Quirk for Skylake/Cascade Lake. Patrol scrubber may be configured
123 * to report uncorrected errors using CMCI with a special signature.
124 * UC=0, MSCOD=0x0010, MCACOD=binary(000X 0000 1100 XXXX) reported
125 * in one of the memory controller banks.
126 * Set severity to "AO" for same action as normal patrol scrub error.
127 */
128 MCESEV(
129 AO, "Uncorrected Patrol Scrub Error",
130 SER, MASK(MCI_STATUS_UC|MCI_ADDR|0xffffeff0, MCI_ADDR|0x001000c0),
131 MODEL_STEPPING(INTEL_FAM6_SKYLAKE_X, 4), BANK_RANGE(13, 18)
132 ),
133
134 /* ignore OVER for UCNA */
135 MCESEV(
136 UCNA, "Uncorrected no action required",
137 SER, MASK(MCI_UC_SAR, MCI_STATUS_UC)
138 ),
139 MCESEV(
140 PANIC, "Illegal combination (UCNA with AR=1)",
141 SER,
142 MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_STATUS_UC|MCI_STATUS_AR)
143 ),
144 MCESEV(
145 KEEP, "Non signaled machine check",
146 SER, BITCLR(MCI_STATUS_S)
147 ),
148
149 MCESEV(
150 PANIC, "Action required with lost events",
151 SER, BITSET(MCI_STATUS_OVER|MCI_UC_SAR)
152 ),
153
154 /* known AR MCACODs: */
155 #ifdef CONFIG_MEMORY_FAILURE
156 MCESEV(
157 KEEP, "Action required but unaffected thread is continuable",
158 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR, MCI_UC_SAR|MCI_ADDR),
159 MCGMASK(MCG_STATUS_RIPV|MCG_STATUS_EIPV, MCG_STATUS_RIPV)
160 ),
161 MCESEV(
162 AR, "Action required: data load in error recoverable area of kernel",
163 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_DATA),
164 KERNEL_RECOV
165 ),
166 MCESEV(
167 AR, "Action required: data load error in a user process",
168 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_DATA),
169 USER
170 ),
171 MCESEV(
172 AR, "Action required: instruction fetch error in a user process",
173 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_INSTR),
174 USER
175 ),
176 MCESEV(
177 PANIC, "Data load in unrecoverable area of kernel",
178 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_DATA),
179 KERNEL
180 ),
181 MCESEV(
182 PANIC, "Instruction fetch error in kernel",
183 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_INSTR),
184 KERNEL
185 ),
186 #endif
187 MCESEV(
188 PANIC, "Action required: unknown MCACOD",
189 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_UC_SAR)
190 ),
191
192 MCESEV(
193 SOME, "Action optional: unknown MCACOD",
194 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_UC_S)
195 ),
196 MCESEV(
197 SOME, "Action optional with lost events",
198 SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR, MCI_STATUS_OVER|MCI_UC_S)
199 ),
200
201 MCESEV(
202 PANIC, "Overflowed uncorrected",
203 BITSET(MCI_STATUS_OVER|MCI_STATUS_UC)
204 ),
205 MCESEV(
206 UC, "Uncorrected",
207 BITSET(MCI_STATUS_UC)
208 ),
209 MCESEV(
210 SOME, "No match",
211 BITSET(0)
212 ) /* always matches. keep at end */
213 };
214
215 #define mc_recoverable(mcg) (((mcg) & (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) == \
216 (MCG_STATUS_RIPV|MCG_STATUS_EIPV))
217
is_copy_from_user(struct pt_regs * regs)218 static bool is_copy_from_user(struct pt_regs *regs)
219 {
220 u8 insn_buf[MAX_INSN_SIZE];
221 unsigned long addr;
222 struct insn insn;
223 int ret;
224
225 if (copy_from_kernel_nofault(insn_buf, (void *)regs->ip, MAX_INSN_SIZE))
226 return false;
227
228 ret = insn_decode_kernel(&insn, insn_buf);
229 if (ret < 0)
230 return false;
231
232 switch (insn.opcode.value) {
233 /* MOV mem,reg */
234 case 0x8A: case 0x8B:
235 /* MOVZ mem,reg */
236 case 0xB60F: case 0xB70F:
237 addr = (unsigned long)insn_get_addr_ref(&insn, regs);
238 break;
239 /* REP MOVS */
240 case 0xA4: case 0xA5:
241 addr = regs->si;
242 break;
243 default:
244 return false;
245 }
246
247 if (fault_in_kernel_space(addr))
248 return false;
249
250 current->mce_vaddr = (void __user *)addr;
251
252 return true;
253 }
254
255 /*
256 * If mcgstatus indicated that ip/cs on the stack were
257 * no good, then "m->cs" will be zero and we will have
258 * to assume the worst case (IN_KERNEL) as we actually
259 * have no idea what we were executing when the machine
260 * check hit.
261 * If we do have a good "m->cs" (or a faked one in the
262 * case we were executing in VM86 mode) we can use it to
263 * distinguish an exception taken in user from from one
264 * taken in the kernel.
265 */
error_context(struct mce * m,struct pt_regs * regs)266 static int error_context(struct mce *m, struct pt_regs *regs)
267 {
268 if ((m->cs & 3) == 3)
269 return IN_USER;
270 if (!mc_recoverable(m->mcgstatus))
271 return IN_KERNEL;
272
273 switch (ex_get_fixup_type(m->ip)) {
274 case EX_TYPE_UACCESS:
275 case EX_TYPE_COPY:
276 if (!regs || !is_copy_from_user(regs))
277 return IN_KERNEL;
278 m->kflags |= MCE_IN_KERNEL_COPYIN;
279 fallthrough;
280 case EX_TYPE_FAULT_MCE_SAFE:
281 case EX_TYPE_DEFAULT_MCE_SAFE:
282 m->kflags |= MCE_IN_KERNEL_RECOV;
283 return IN_KERNEL_RECOV;
284 default:
285 return IN_KERNEL;
286 }
287 }
288
mce_severity_amd_smca(struct mce * m,enum context err_ctx)289 static int mce_severity_amd_smca(struct mce *m, enum context err_ctx)
290 {
291 u32 addr = MSR_AMD64_SMCA_MCx_CONFIG(m->bank);
292 u32 low, high;
293
294 /*
295 * We need to look at the following bits:
296 * - "succor" bit (data poisoning support), and
297 * - TCC bit (Task Context Corrupt)
298 * in MCi_STATUS to determine error severity.
299 */
300 if (!mce_flags.succor)
301 return MCE_PANIC_SEVERITY;
302
303 if (rdmsr_safe(addr, &low, &high))
304 return MCE_PANIC_SEVERITY;
305
306 /* TCC (Task context corrupt). If set and if IN_KERNEL, panic. */
307 if ((low & MCI_CONFIG_MCAX) &&
308 (m->status & MCI_STATUS_TCC) &&
309 (err_ctx == IN_KERNEL))
310 return MCE_PANIC_SEVERITY;
311
312 /* ...otherwise invoke hwpoison handler. */
313 return MCE_AR_SEVERITY;
314 }
315
316 /*
317 * See AMD Error Scope Hierarchy table in a newer BKDG. For example
318 * 49125_15h_Models_30h-3Fh_BKDG.pdf, section "RAS Features"
319 */
mce_severity_amd(struct mce * m,struct pt_regs * regs,int tolerant,char ** msg,bool is_excp)320 static int mce_severity_amd(struct mce *m, struct pt_regs *regs, int tolerant,
321 char **msg, bool is_excp)
322 {
323 enum context ctx = error_context(m, regs);
324
325 /* Processor Context Corrupt, no need to fumble too much, die! */
326 if (m->status & MCI_STATUS_PCC)
327 return MCE_PANIC_SEVERITY;
328
329 if (m->status & MCI_STATUS_UC) {
330
331 if (ctx == IN_KERNEL)
332 return MCE_PANIC_SEVERITY;
333
334 /*
335 * On older systems where overflow_recov flag is not present, we
336 * should simply panic if an error overflow occurs. If
337 * overflow_recov flag is present and set, then software can try
338 * to at least kill process to prolong system operation.
339 */
340 if (mce_flags.overflow_recov) {
341 if (mce_flags.smca)
342 return mce_severity_amd_smca(m, ctx);
343
344 /* kill current process */
345 return MCE_AR_SEVERITY;
346 } else {
347 /* at least one error was not logged */
348 if (m->status & MCI_STATUS_OVER)
349 return MCE_PANIC_SEVERITY;
350 }
351
352 /*
353 * For any other case, return MCE_UC_SEVERITY so that we log the
354 * error and exit #MC handler.
355 */
356 return MCE_UC_SEVERITY;
357 }
358
359 /*
360 * deferred error: poll handler catches these and adds to mce_ring so
361 * memory-failure can take recovery actions.
362 */
363 if (m->status & MCI_STATUS_DEFERRED)
364 return MCE_DEFERRED_SEVERITY;
365
366 /*
367 * corrected error: poll handler catches these and passes responsibility
368 * of decoding the error to EDAC
369 */
370 return MCE_KEEP_SEVERITY;
371 }
372
mce_severity_intel(struct mce * m,struct pt_regs * regs,int tolerant,char ** msg,bool is_excp)373 static int mce_severity_intel(struct mce *m, struct pt_regs *regs,
374 int tolerant, char **msg, bool is_excp)
375 {
376 enum exception excp = (is_excp ? EXCP_CONTEXT : NO_EXCP);
377 enum context ctx = error_context(m, regs);
378 struct severity *s;
379
380 for (s = severities;; s++) {
381 if ((m->status & s->mask) != s->result)
382 continue;
383 if ((m->mcgstatus & s->mcgmask) != s->mcgres)
384 continue;
385 if (s->ser == SER_REQUIRED && !mca_cfg.ser)
386 continue;
387 if (s->ser == NO_SER && mca_cfg.ser)
388 continue;
389 if (s->context && ctx != s->context)
390 continue;
391 if (s->excp && excp != s->excp)
392 continue;
393 if (s->cpu_model && boot_cpu_data.x86_model != s->cpu_model)
394 continue;
395 if (s->cpu_minstepping && boot_cpu_data.x86_stepping < s->cpu_minstepping)
396 continue;
397 if (s->bank_lo && (m->bank < s->bank_lo || m->bank > s->bank_hi))
398 continue;
399 if (msg)
400 *msg = s->msg;
401 s->covered = 1;
402 if (s->sev >= MCE_UC_SEVERITY && ctx == IN_KERNEL) {
403 if (tolerant < 1)
404 return MCE_PANIC_SEVERITY;
405 }
406 return s->sev;
407 }
408 }
409
mce_severity(struct mce * m,struct pt_regs * regs,int tolerant,char ** msg,bool is_excp)410 int mce_severity(struct mce *m, struct pt_regs *regs, int tolerant, char **msg,
411 bool is_excp)
412 {
413 if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
414 boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)
415 return mce_severity_amd(m, regs, tolerant, msg, is_excp);
416 else
417 return mce_severity_intel(m, regs, tolerant, msg, is_excp);
418 }
419
420 #ifdef CONFIG_DEBUG_FS
s_start(struct seq_file * f,loff_t * pos)421 static void *s_start(struct seq_file *f, loff_t *pos)
422 {
423 if (*pos >= ARRAY_SIZE(severities))
424 return NULL;
425 return &severities[*pos];
426 }
427
s_next(struct seq_file * f,void * data,loff_t * pos)428 static void *s_next(struct seq_file *f, void *data, loff_t *pos)
429 {
430 if (++(*pos) >= ARRAY_SIZE(severities))
431 return NULL;
432 return &severities[*pos];
433 }
434
s_stop(struct seq_file * f,void * data)435 static void s_stop(struct seq_file *f, void *data)
436 {
437 }
438
s_show(struct seq_file * f,void * data)439 static int s_show(struct seq_file *f, void *data)
440 {
441 struct severity *ser = data;
442 seq_printf(f, "%d\t%s\n", ser->covered, ser->msg);
443 return 0;
444 }
445
446 static const struct seq_operations severities_seq_ops = {
447 .start = s_start,
448 .next = s_next,
449 .stop = s_stop,
450 .show = s_show,
451 };
452
severities_coverage_open(struct inode * inode,struct file * file)453 static int severities_coverage_open(struct inode *inode, struct file *file)
454 {
455 return seq_open(file, &severities_seq_ops);
456 }
457
severities_coverage_write(struct file * file,const char __user * ubuf,size_t count,loff_t * ppos)458 static ssize_t severities_coverage_write(struct file *file,
459 const char __user *ubuf,
460 size_t count, loff_t *ppos)
461 {
462 int i;
463 for (i = 0; i < ARRAY_SIZE(severities); i++)
464 severities[i].covered = 0;
465 return count;
466 }
467
468 static const struct file_operations severities_coverage_fops = {
469 .open = severities_coverage_open,
470 .release = seq_release,
471 .read = seq_read,
472 .write = severities_coverage_write,
473 .llseek = seq_lseek,
474 };
475
severities_debugfs_init(void)476 static int __init severities_debugfs_init(void)
477 {
478 struct dentry *dmce;
479
480 dmce = mce_get_debugfs_dir();
481
482 debugfs_create_file("severities-coverage", 0444, dmce, NULL,
483 &severities_coverage_fops);
484 return 0;
485 }
486 late_initcall(severities_debugfs_init);
487 #endif /* CONFIG_DEBUG_FS */
488