1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#include <sys/types.h>
27#include <sys/machsystm.h>
28#include <sys/sysmacros.h>
29#include <sys/cpuvar.h>
30#include <sys/async.h>
31#include <sys/ontrap.h>
32#include <sys/ddifm.h>
33#include <sys/hypervisor_api.h>
34#include <sys/errorq.h>
35#include <sys/promif.h>
36#include <sys/prom_plat.h>
37#include <sys/x_call.h>
38#include <sys/error.h>
39#include <sys/fm/util.h>
40#include <sys/ivintr.h>
41#include <sys/archsystm.h>
42
43#define	MAX_CE_FLTS		10
44#define	MAX_ASYNC_FLTS		6
45
46errorq_t *ue_queue;			/* queue of uncorrectable errors */
47errorq_t *ce_queue;			/* queue of correctable errors */
48errorq_t *errh_queue;			/* queue of sun4v error reports  */
49
50/*
51 * Being used by memory test driver.
52 * ce_verbose_memory - covers CEs in DIMMs
53 * ce_verbose_other - covers "others" (ecache, IO, etc.)
54 *
55 * If the value is 0, nothing is logged.
56 * If the value is 1, the error is logged to the log file, but not console.
57 * If the value is 2, the error is logged to the log file and console.
58 */
59int	ce_verbose_memory = 1;
60int	ce_verbose_other = 1;
61
62int	ce_show_data = 0;
63int	ce_debug = 0;
64int	ue_debug = 0;
65int	reset_debug = 0;
66
67/*
68 * Tunables for controlling the handling of asynchronous faults (AFTs). Setting
69 * these to non-default values on a non-DEBUG kernel is NOT supported.
70 */
71int	aft_verbose = 0;	/* log AFT messages > 1 to log only */
72int	aft_panic = 0;		/* panic (not reboot) on fatal usermode AFLT */
73int	aft_testfatal = 0;	/* force all AFTs to panic immediately */
74
75/*
76 * Used for vbsc hostshutdown (power-off button)
77 */
78int	err_shutdown_triggered = 0;	/* only once */
79uint64_t err_shutdown_inum = 0;	/* used to pull the trigger */
80
81/*
82 * Used to print NRE/RE via system variable or kmdb
83 */
84int		printerrh = 0;		/* see /etc/system */
85static void	errh_er_print(errh_er_t *, const char *);
86kmutex_t	errh_print_lock;
87
88/*
89 * Defined in bus_func.c but initialised in error_init
90 */
91extern kmutex_t bfd_lock;
92
93static uint32_t rq_overflow_count = 0;		/* counter for rq overflow */
94
95static void cpu_queue_one_event(errh_async_flt_t *);
96static uint32_t count_entries_on_queue(uint64_t, uint64_t, uint32_t);
97static void errh_page_retire(errh_async_flt_t *, uchar_t);
98static int errh_error_protected(struct regs *, struct async_flt *, int *);
99static void errh_rq_full(struct async_flt *);
100static void ue_drain(void *, struct async_flt *, errorq_elem_t *);
101static void ce_drain(void *, struct async_flt *, errorq_elem_t *);
102static void errh_drain(void *, errh_er_t *, errorq_elem_t *);
103static void errh_handle_attr(errh_async_flt_t *);
104static void errh_handle_asr(errh_async_flt_t *);
105static void errh_handle_sp(errh_er_t *);
106static void sp_ereport_post(uint8_t);
107
108/*ARGSUSED*/
109void
110process_resumable_error(struct regs *rp, uint32_t head_offset,
111    uint32_t tail_offset)
112{
113	struct machcpu *mcpup;
114	struct async_flt *aflt;
115	errh_async_flt_t errh_flt;
116	errh_er_t *head_va;
117
118	mcpup = &(CPU->cpu_m);
119
120	while (head_offset != tail_offset) {
121		/* kernel buffer starts right after the resumable queue */
122		head_va = (errh_er_t *)(mcpup->cpu_rq_va + head_offset +
123		    CPU_RQ_SIZE);
124		/* Copy the error report to local buffer */
125		bzero(&errh_flt, sizeof (errh_async_flt_t));
126		bcopy((char *)head_va, &(errh_flt.errh_er),
127		    sizeof (errh_er_t));
128
129		mcpup->cpu_rq_lastre = head_va;
130		if (printerrh)
131			errh_er_print(&errh_flt.errh_er, "RQ");
132
133		/* Increment the queue head */
134		head_offset += Q_ENTRY_SIZE;
135		/* Wrap around */
136		head_offset &= (CPU_RQ_SIZE - 1);
137
138		/* set error handle to zero so it can hold new error report */
139		head_va->ehdl = 0;
140
141		switch (errh_flt.errh_er.desc) {
142		case ERRH_DESC_UCOR_RE:
143			/*
144			 * Check error attribute, handle individual error
145			 * if it is needed.
146			 */
147			errh_handle_attr(&errh_flt);
148			break;
149
150		case ERRH_DESC_WARN_RE:
151			/*
152			 * Power-off requested, but handle it one time only.
153			 */
154			if (!err_shutdown_triggered) {
155				setsoftint(err_shutdown_inum);
156				++err_shutdown_triggered;
157			}
158			continue;
159
160		case ERRH_DESC_SP:
161			/*
162			 * The state of the SP has changed.
163			 */
164			errorq_dispatch(errh_queue, &errh_flt.errh_er,
165			    sizeof (errh_er_t), ERRORQ_ASYNC);
166			continue;
167
168		default:
169			cmn_err(CE_WARN, "Error Descriptor 0x%llx "
170			    " invalid in resumable error handler",
171			    (long long) errh_flt.errh_er.desc);
172			continue;
173		}
174
175		aflt = (struct async_flt *)&(errh_flt.cmn_asyncflt);
176		aflt->flt_id = gethrtime();
177		aflt->flt_bus_id = getprocessorid();
178		aflt->flt_class = CPU_FAULT;
179		aflt->flt_prot = AFLT_PROT_NONE;
180		aflt->flt_priv = (((errh_flt.errh_er.attr & ERRH_MODE_MASK)
181		    >> ERRH_MODE_SHIFT) == ERRH_MODE_PRIV);
182
183		if (errh_flt.errh_er.attr & ERRH_ATTR_CPU)
184			/* If it is an error on other cpu */
185			aflt->flt_panic = 1;
186		else
187			aflt->flt_panic = 0;
188
189		/*
190		 * Handle resumable queue full case.
191		 */
192		if (errh_flt.errh_er.attr & ERRH_ATTR_RQF) {
193			(void) errh_rq_full(aflt);
194		}
195
196		/*
197		 * Queue the error on ce or ue queue depend on flt_panic.
198		 * Even if flt_panic is set, the code still keep processing
199		 * the rest element on rq until the panic starts.
200		 */
201		(void) cpu_queue_one_event(&errh_flt);
202
203		/*
204		 * Panic here if aflt->flt_panic has been set.
205		 * Enqueued errors will be logged as part of the panic flow.
206		 */
207		if (aflt->flt_panic) {
208			fm_panic("Unrecoverable error on another CPU");
209		}
210	}
211}
212
213void
214process_nonresumable_error(struct regs *rp, uint64_t flags,
215    uint32_t head_offset, uint32_t tail_offset)
216{
217	struct machcpu *mcpup;
218	struct async_flt *aflt;
219	errh_async_flt_t errh_flt;
220	errh_er_t *head_va;
221	int trampolined = 0;
222	int expected = DDI_FM_ERR_UNEXPECTED;
223	uint64_t exec_mode;
224	uint8_t u_spill_fill;
225
226	mcpup = &(CPU->cpu_m);
227
228	while (head_offset != tail_offset) {
229		/* kernel buffer starts right after the nonresumable queue */
230		head_va = (errh_er_t *)(mcpup->cpu_nrq_va + head_offset +
231		    CPU_NRQ_SIZE);
232
233		/* Copy the error report to local buffer */
234		bzero(&errh_flt, sizeof (errh_async_flt_t));
235
236		bcopy((char *)head_va, &(errh_flt.errh_er),
237		    sizeof (errh_er_t));
238
239		mcpup->cpu_nrq_lastnre = head_va;
240		if (printerrh)
241			errh_er_print(&errh_flt.errh_er, "NRQ");
242
243		/* Increment the queue head */
244		head_offset += Q_ENTRY_SIZE;
245		/* Wrap around */
246		head_offset &= (CPU_NRQ_SIZE - 1);
247
248		/* set error handle to zero so it can hold new error report */
249		head_va->ehdl = 0;
250
251		aflt = (struct async_flt *)&(errh_flt.cmn_asyncflt);
252
253		trampolined = 0;
254
255		if (errh_flt.errh_er.attr & ERRH_ATTR_PIO)
256			aflt->flt_class = BUS_FAULT;
257		else
258			aflt->flt_class = CPU_FAULT;
259
260		aflt->flt_id = gethrtime();
261		aflt->flt_bus_id = getprocessorid();
262		aflt->flt_pc = (caddr_t)rp->r_pc;
263		exec_mode = (errh_flt.errh_er.attr & ERRH_MODE_MASK)
264		    >> ERRH_MODE_SHIFT;
265		aflt->flt_priv = (exec_mode == ERRH_MODE_PRIV ||
266		    exec_mode == ERRH_MODE_UNKNOWN);
267		aflt->flt_prot = AFLT_PROT_NONE;
268		aflt->flt_tl = (uchar_t)(flags & ERRH_TL_MASK);
269		aflt->flt_panic = ((aflt->flt_tl != 0) ||
270		    (aft_testfatal != 0));
271
272		/*
273		 * For the first error packet on the queue, check if it
274		 * happened in user fill/spill trap.
275		 */
276		if (flags & ERRH_U_SPILL_FILL) {
277			u_spill_fill = 1;
278			/* clear the user fill/spill flag in flags */
279			flags = (uint64_t)aflt->flt_tl;
280		} else
281			u_spill_fill = 0;
282
283		switch (errh_flt.errh_er.desc) {
284		case ERRH_DESC_PR_NRE:
285			if (u_spill_fill) {
286				aflt->flt_panic = 0;
287				break;
288			}
289			/*
290			 * Fall through, precise fault also need to check
291			 * to see if it was protected.
292			 */
293			/*FALLTHRU*/
294
295		case ERRH_DESC_DEF_NRE:
296			/*
297			 * If the trap occurred in privileged mode at TL=0,
298			 * we need to check to see if we were executing
299			 * in kernel under on_trap() or t_lofault
300			 * protection. If so, and if it was a PIO or MEM
301			 * error, then modify the saved registers so that
302			 * we return from the trap to the appropriate
303			 * trampoline routine.
304			 */
305			if (aflt->flt_priv == 1 && aflt->flt_tl == 0 &&
306			    ((errh_flt.errh_er.attr & ERRH_ATTR_PIO) ||
307			    (errh_flt.errh_er.attr & ERRH_ATTR_MEM))) {
308				trampolined =
309				    errh_error_protected(rp, aflt, &expected);
310			}
311
312			if (!aflt->flt_priv || aflt->flt_prot ==
313			    AFLT_PROT_COPY) {
314				aflt->flt_panic |= aft_panic;
315			} else if (!trampolined &&
316			    (aflt->flt_class != BUS_FAULT)) {
317				aflt->flt_panic = 1;
318			}
319
320			/*
321			 * Check error attribute, handle individual error
322			 * if it is needed.
323			 */
324			errh_handle_attr(&errh_flt);
325
326			/*
327			 * If PIO error, we need to query the bus nexus
328			 * for fatal errors.
329			 */
330			if (aflt->flt_class == BUS_FAULT) {
331				aflt->flt_addr = errh_flt.errh_er.ra;
332				errh_cpu_run_bus_error_handlers(aflt,
333				    expected);
334			}
335
336			break;
337
338		case ERRH_DESC_USER_DCORE:
339			/*
340			 * User generated panic. Call panic directly
341			 * since there are no FMA e-reports to
342			 * display.
343			 */
344
345			panic("Panic - Generated at user request");
346
347			break;
348
349		default:
350			cmn_err(CE_WARN, "Panic - Error Descriptor 0x%llx "
351			    " invalid in non-resumable error handler",
352			    (long long) errh_flt.errh_er.desc);
353			aflt->flt_panic = 1;
354			break;
355		}
356
357		/*
358		 * Queue the error report for further processing. If
359		 * flt_panic is set, code still process other errors
360		 * in the queue until the panic routine stops the
361		 * kernel.
362		 */
363		(void) cpu_queue_one_event(&errh_flt);
364
365		/*
366		 * Panic here if aflt->flt_panic has been set.
367		 * Enqueued errors will be logged as part of the panic flow.
368		 */
369		if (aflt->flt_panic) {
370			fm_panic("Unrecoverable hardware error");
371		}
372
373		/*
374		 * Call page_retire() to handle memory errors.
375		 */
376		if (errh_flt.errh_er.attr & ERRH_ATTR_MEM)
377			errh_page_retire(&errh_flt, PR_UE);
378
379		/*
380		 * If we queued an error and the it was in user mode, or
381		 * protected by t_lofault, or user_spill_fill is set, we
382		 * set AST flag so the queue will be drained before
383		 * returning to user mode.
384		 */
385		if (!aflt->flt_priv || aflt->flt_prot == AFLT_PROT_COPY ||
386		    u_spill_fill) {
387			int pcb_flag = 0;
388
389			if (aflt->flt_class == CPU_FAULT)
390				pcb_flag |= ASYNC_HWERR;
391			else if (aflt->flt_class == BUS_FAULT)
392				pcb_flag |= ASYNC_BERR;
393
394			ttolwp(curthread)->lwp_pcb.pcb_flags |= pcb_flag;
395			aston(curthread);
396		}
397	}
398}
399
400/*
401 * For PIO errors, this routine calls nexus driver's error
402 * callback routines. If the callback routine returns fatal, and
403 * we are in kernel or unknow mode without any error protection,
404 * we need to turn on the panic flag.
405 */
406void
407errh_cpu_run_bus_error_handlers(struct async_flt *aflt, int expected)
408{
409	int status;
410	ddi_fm_error_t de;
411
412	bzero(&de, sizeof (ddi_fm_error_t));
413
414	de.fme_version = DDI_FME_VERSION;
415	de.fme_ena = fm_ena_generate(aflt->flt_id, FM_ENA_FMT1);
416	de.fme_flag = expected;
417	de.fme_bus_specific = (void *)aflt->flt_addr;
418	status = ndi_fm_handler_dispatch(ddi_root_node(), NULL, &de);
419
420	/*
421	 * If error is protected, it will jump to proper routine
422	 * to handle the handle; if it is in user level, we just
423	 * kill the user process; if the driver thinks the error is
424	 * not fatal, we can drive on. If none of above are true,
425	 * we panic
426	 */
427	if ((aflt->flt_prot == AFLT_PROT_NONE) && (aflt->flt_priv == 1) &&
428	    (status == DDI_FM_FATAL))
429		aflt->flt_panic = 1;
430}
431
432/*
433 * This routine checks to see if we are under any error protection when
434 * the error happens. If we are under error protection, we unwind to
435 * the protection and indicate fault.
436 */
437static int
438errh_error_protected(struct regs *rp, struct async_flt *aflt, int *expected)
439{
440	int trampolined = 0;
441	ddi_acc_hdl_t *hp;
442
443	if (curthread->t_ontrap != NULL) {
444		on_trap_data_t *otp = curthread->t_ontrap;
445
446		if (otp->ot_prot & OT_DATA_EC) {
447			aflt->flt_prot = AFLT_PROT_EC;
448			otp->ot_trap |= OT_DATA_EC;
449			rp->r_pc = otp->ot_trampoline;
450			rp->r_npc = rp->r_pc +4;
451			trampolined = 1;
452		}
453
454		if (otp->ot_prot & OT_DATA_ACCESS) {
455			aflt->flt_prot = AFLT_PROT_ACCESS;
456			otp->ot_trap |= OT_DATA_ACCESS;
457			rp->r_pc = otp->ot_trampoline;
458			rp->r_npc = rp->r_pc + 4;
459			trampolined = 1;
460			/*
461			 * for peek and caut_gets
462			 * errors are expected
463			 */
464			hp = (ddi_acc_hdl_t *)otp->ot_handle;
465			if (!hp)
466				*expected = DDI_FM_ERR_PEEK;
467			else if (hp->ah_acc.devacc_attr_access ==
468			    DDI_CAUTIOUS_ACC)
469				*expected = DDI_FM_ERR_EXPECTED;
470		}
471	} else if (curthread->t_lofault) {
472		aflt->flt_prot = AFLT_PROT_COPY;
473		rp->r_g1 = EFAULT;
474		rp->r_pc = curthread->t_lofault;
475		rp->r_npc = rp->r_pc + 4;
476		trampolined = 1;
477	}
478
479	return (trampolined);
480}
481
482/*
483 * Queue one event.
484 */
485static void
486cpu_queue_one_event(errh_async_flt_t *errh_fltp)
487{
488	struct async_flt *aflt = (struct async_flt *)errh_fltp;
489	errorq_t *eqp;
490
491	if (aflt->flt_panic)
492		eqp = ue_queue;
493	else
494		eqp = ce_queue;
495
496	errorq_dispatch(eqp, errh_fltp, sizeof (errh_async_flt_t),
497	    aflt->flt_panic);
498}
499
500/*
501 * The cpu_async_log_err() function is called by the ce/ue_drain() function to
502 * handle logging for CPU events that are dequeued.  As such, it can be invoked
503 * from softint context, from AST processing in the trap() flow, or from the
504 * panic flow.  We decode the CPU-specific data, and log appropriate messages.
505 */
506void
507cpu_async_log_err(void *flt)
508{
509	errh_async_flt_t *errh_fltp = (errh_async_flt_t *)flt;
510	errh_er_t *errh_erp = (errh_er_t *)&errh_fltp->errh_er;
511
512	switch (errh_erp->desc) {
513	case ERRH_DESC_UCOR_RE:
514		if (errh_erp->attr & ERRH_ATTR_MEM) {
515			/*
516			 * Turn on the PR_UE flag. The page will be
517			 * scrubbed when it is freed.
518			 */
519			errh_page_retire(errh_fltp, PR_UE);
520		}
521
522		break;
523
524	case ERRH_DESC_PR_NRE:
525	case ERRH_DESC_DEF_NRE:
526		if (errh_erp->attr & ERRH_ATTR_MEM) {
527			/*
528			 * For non-resumable memory error, retire
529			 * the page here.
530			 */
531			errh_page_retire(errh_fltp, PR_UE);
532
533			/*
534			 * If we are going to panic, scrub the page first
535			 */
536			if (errh_fltp->cmn_asyncflt.flt_panic)
537				mem_scrub(errh_fltp->errh_er.ra,
538				    errh_fltp->errh_er.sz);
539		}
540		break;
541
542	default:
543		break;
544	}
545}
546
547/*
548 * Called from ce_drain().
549 */
550void
551cpu_ce_log_err(struct async_flt *aflt)
552{
553	switch (aflt->flt_class) {
554	case CPU_FAULT:
555		cpu_async_log_err(aflt);
556		break;
557
558	case BUS_FAULT:
559		cpu_async_log_err(aflt);
560		break;
561
562	default:
563		break;
564	}
565}
566
567/*
568 * Called from ue_drain().
569 */
570void
571cpu_ue_log_err(struct async_flt *aflt)
572{
573	switch (aflt->flt_class) {
574	case CPU_FAULT:
575		cpu_async_log_err(aflt);
576		break;
577
578	case BUS_FAULT:
579		cpu_async_log_err(aflt);
580		break;
581
582	default:
583		break;
584	}
585}
586
587/*
588 * Turn on flag on the error memory region.
589 */
590static void
591errh_page_retire(errh_async_flt_t *errh_fltp, uchar_t flag)
592{
593	uint64_t flt_real_addr_start = errh_fltp->errh_er.ra;
594	uint64_t flt_real_addr_end = flt_real_addr_start +
595	    errh_fltp->errh_er.sz - 1;
596	int64_t current_addr;
597
598	if (errh_fltp->errh_er.sz == 0)
599		return;
600
601	for (current_addr = flt_real_addr_start;
602	    current_addr < flt_real_addr_end; current_addr += MMU_PAGESIZE) {
603		(void) page_retire(current_addr, flag);
604	}
605}
606
607void
608mem_scrub(uint64_t paddr, uint64_t len)
609{
610	uint64_t pa, length, scrubbed_len;
611
612	pa = paddr;
613	length = len;
614	scrubbed_len = 0;
615
616	while (length > 0) {
617		if (hv_mem_scrub(pa, length, &scrubbed_len) != H_EOK)
618			break;
619
620		pa += scrubbed_len;
621		length -= scrubbed_len;
622	}
623}
624
625/*
626 * Call hypervisor to flush the memory region.
627 * Both va and len must be MMU_PAGESIZE aligned.
628 * Returns the total number of bytes flushed.
629 */
630uint64_t
631mem_sync(caddr_t orig_va, size_t orig_len)
632{
633	uint64_t pa, length, flushed;
634	uint64_t chunk_len = MMU_PAGESIZE;
635	uint64_t total_flushed = 0;
636	uint64_t va, len;
637
638	if (orig_len == 0)
639		return (total_flushed);
640
641	/* align va */
642	va = P2ALIGN_TYPED(orig_va, MMU_PAGESIZE, uint64_t);
643	/* round up len to MMU_PAGESIZE aligned */
644	len = P2ROUNDUP_TYPED(orig_va + orig_len, MMU_PAGESIZE, uint64_t) - va;
645
646	while (len > 0) {
647		pa = va_to_pa((caddr_t)va);
648		if (pa == (uint64_t)-1)
649			return (total_flushed);
650
651		length = chunk_len;
652		flushed = 0;
653
654		while (length > 0) {
655			if (hv_mem_sync(pa, length, &flushed) != H_EOK)
656				return (total_flushed);
657
658			pa += flushed;
659			length -= flushed;
660			total_flushed += flushed;
661		}
662
663		va += chunk_len;
664		len -= chunk_len;
665	}
666
667	return (total_flushed);
668}
669
670/*
671 * If resumable queue is full, we need to check if any cpu is in
672 * error state. If not, we drive on. If yes, we need to panic. The
673 * hypervisor call hv_cpu_state() is being used for checking the
674 * cpu state.  And reset %tick_compr in case tick-compare was lost.
675 */
676static void
677errh_rq_full(struct async_flt *afltp)
678{
679	processorid_t who;
680	uint64_t cpu_state;
681	uint64_t retval;
682	uint64_t current_tick;
683
684	current_tick = (uint64_t)gettick();
685	tickcmpr_set(current_tick);
686
687	for (who = 0; who < NCPU; who++)
688		if (CPU_IN_SET(cpu_ready_set, who)) {
689			retval = hv_cpu_state(who, &cpu_state);
690			if (retval != H_EOK || cpu_state == CPU_STATE_ERROR) {
691				afltp->flt_panic = 1;
692				break;
693			}
694		}
695}
696
697/*
698 * Return processor specific async error structure
699 * size used.
700 */
701int
702cpu_aflt_size(void)
703{
704	return (sizeof (errh_async_flt_t));
705}
706
707#define	SZ_TO_ETRS_SHIFT	6
708
709/*
710 * Message print out when resumable queue is overflown
711 */
712/*ARGSUSED*/
713void
714rq_overflow(struct regs *rp, uint64_t head_offset,
715    uint64_t tail_offset)
716{
717	rq_overflow_count++;
718}
719
720/*
721 * Handler to process a fatal error.  This routine can be called from a
722 * softint, called from trap()'s AST handling, or called from the panic flow.
723 */
724/*ARGSUSED*/
725static void
726ue_drain(void *ignored, struct async_flt *aflt, errorq_elem_t *eqep)
727{
728	cpu_ue_log_err(aflt);
729}
730
731/*
732 * Handler to process a correctable error.  This routine can be called from a
733 * softint.  We just call the CPU module's logging routine.
734 */
735/*ARGSUSED*/
736static void
737ce_drain(void *ignored, struct async_flt *aflt, errorq_elem_t *eqep)
738{
739	cpu_ce_log_err(aflt);
740}
741
742/*
743 * Handler to process a sun4v errort report via an errorq_t.  This routine
744 * can be called from a softint.
745 *
746 * This is used for sun4v error reports that cannot be processed at high-level
747 * interrupt time.  Currently only error reports indicating an SP state change
748 * are handled in this manner.
749 */
750/*ARGSUSED*/
751static void
752errh_drain(void *ignored, errh_er_t *errh_erp, errorq_elem_t *eqep)
753{
754	ASSERT(errh_erp->desc == ERRH_DESC_SP);
755
756	errh_handle_sp(errh_erp);
757}
758
759/*
760 * Handler to process vbsc hostshutdown (power-off button).
761 */
762static int
763err_shutdown_softintr()
764{
765	cmn_err(CE_WARN, "Power-off requested, system will now shutdown.");
766	do_shutdown();
767
768	/*
769	 * just in case do_shutdown() fails
770	 */
771	(void) timeout((void(*)(void *))power_down, NULL, 100 * hz);
772	return (DDI_INTR_CLAIMED);
773}
774
775/*
776 * Allocate error queue sizes based on max_ncpus.  max_ncpus is set just
777 * after ncpunode has been determined.  ncpus is set in start_other_cpus
778 * which is called after error_init() but may change dynamically.
779 */
780void
781error_init(void)
782{
783	char tmp_name[MAXSYSNAME];
784	pnode_t node;
785	size_t size = cpu_aflt_size();
786
787	/*
788	 * Initialize the correctable and uncorrectable error queues.
789	 */
790	ue_queue = errorq_create("ue_queue", (errorq_func_t)ue_drain, NULL,
791	    MAX_ASYNC_FLTS * (max_ncpus + 1), size, PIL_2, ERRORQ_VITAL);
792
793	ce_queue = errorq_create("ce_queue", (errorq_func_t)ce_drain, NULL,
794	    MAX_CE_FLTS * (max_ncpus + 1), size, PIL_1, 0);
795
796	errh_queue = errorq_create("errh_queue", (errorq_func_t)errh_drain,
797	    NULL, CPU_RQ_ENTRIES, sizeof (errh_er_t), PIL_1, 0);
798
799	if (ue_queue == NULL || ce_queue == NULL || errh_queue == NULL)
800		panic("failed to create required system error queue");
801
802	/*
803	 * Setup interrupt handler for power-off button.
804	 */
805	err_shutdown_inum = add_softintr(PIL_9,
806	    (softintrfunc)err_shutdown_softintr, NULL, SOFTINT_ST);
807
808	/*
809	 * Initialize the busfunc list mutex.  This must be a PIL_15 spin lock
810	 * because we will need to acquire it from cpu_async_error().
811	 */
812	mutex_init(&bfd_lock, NULL, MUTEX_SPIN, (void *)PIL_15);
813
814	/* Only allow one cpu at a time to dump errh errors. */
815	mutex_init(&errh_print_lock, NULL, MUTEX_SPIN, (void *)PIL_15);
816
817	node = prom_rootnode();
818	if ((node == OBP_NONODE) || (node == OBP_BADNODE)) {
819		cmn_err(CE_CONT, "error_init: node 0x%x\n", (uint_t)node);
820		return;
821	}
822
823	if (((size = prom_getproplen(node, "reset-reason")) != -1) &&
824	    (size <= MAXSYSNAME) &&
825	    (prom_getprop(node, "reset-reason", tmp_name) != -1)) {
826		if (reset_debug) {
827			cmn_err(CE_CONT, "System booting after %s\n", tmp_name);
828		} else if (strncmp(tmp_name, "FATAL", 5) == 0) {
829			cmn_err(CE_CONT,
830			    "System booting after fatal error %s\n", tmp_name);
831		}
832	}
833}
834
835/*
836 * Nonresumable queue is full, panic here
837 */
838/*ARGSUSED*/
839void
840nrq_overflow(struct regs *rp)
841{
842	fm_panic("Nonresumable queue full");
843}
844
845/*
846 * This is the place for special error handling for individual errors.
847 */
848static void
849errh_handle_attr(errh_async_flt_t *errh_fltp)
850{
851	switch (errh_fltp->errh_er.attr & ~ERRH_MODE_MASK) {
852	case ERRH_ATTR_CPU:
853	case ERRH_ATTR_MEM:
854	case ERRH_ATTR_PIO:
855	case ERRH_ATTR_IRF:
856	case ERRH_ATTR_FRF:
857	case ERRH_ATTR_SHUT:
858		break;
859
860	case ERRH_ATTR_ASR:
861		errh_handle_asr(errh_fltp);
862		break;
863
864	case ERRH_ATTR_ASI:
865	case ERRH_ATTR_PREG:
866	case ERRH_ATTR_RQF:
867		break;
868
869	default:
870		break;
871	}
872}
873
874/*
875 * Handle ASR bit set in ATTR
876 */
877static void
878errh_handle_asr(errh_async_flt_t *errh_fltp)
879{
880	uint64_t current_tick;
881
882	switch (errh_fltp->errh_er.reg) {
883	case ASR_REG_VALID | ASR_REG_TICK:
884		/*
885		 * For Tick Compare Register error, it only happens when
886		 * the register is being read or compared with the %tick
887		 * register. Since we lost the contents of the register,
888		 * we set the %tick_compr in the future. An interrupt will
889		 * happen when %tick matches the value field of %tick_compr.
890		 */
891		current_tick = (uint64_t)gettick();
892		tickcmpr_set(current_tick);
893		/* Do not panic */
894		errh_fltp->cmn_asyncflt.flt_panic = 0;
895		break;
896
897	default:
898		break;
899	}
900}
901
902/*
903 * Handle a SP state change.
904 */
905static void
906errh_handle_sp(errh_er_t *errh_erp)
907{
908	uint8_t		sp_state;
909
910	sp_state = (errh_erp->attr & ERRH_SP_MASK) >> ERRH_SP_SHIFT;
911
912	sp_ereport_post(sp_state);
913}
914
915/*
916 * Dump the error packet
917 */
918/*ARGSUSED*/
919static void
920errh_er_print(errh_er_t *errh_erp, const char *queue)
921{
922	typedef union {
923		uint64_t w;
924		uint16_t s[4];
925	} errhp_t;
926	errhp_t *p = (errhp_t *)errh_erp;
927	int i;
928
929	mutex_enter(&errh_print_lock);
930	switch (errh_erp->desc) {
931	case ERRH_DESC_UCOR_RE:
932		cmn_err(CE_CONT, "\nResumable Uncorrectable Error ");
933		break;
934	case ERRH_DESC_PR_NRE:
935		cmn_err(CE_CONT, "\nNonresumable Precise Error ");
936		break;
937	case ERRH_DESC_DEF_NRE:
938		cmn_err(CE_CONT, "\nNonresumable Deferred Error ");
939		break;
940	default:
941		cmn_err(CE_CONT, "\nError packet ");
942		break;
943	}
944	cmn_err(CE_CONT, "received on %s\n", queue);
945
946	/*
947	 * Print Q_ENTRY_SIZE bytes of epacket with 8 bytes per line
948	 */
949	for (i = Q_ENTRY_SIZE; i > 0; i -= 8, ++p) {
950		cmn_err(CE_CONT, "%016lx: %04x %04x %04x %04x\n", (uint64_t)p,
951		    p->s[0], p->s[1], p->s[2], p->s[3]);
952	}
953	mutex_exit(&errh_print_lock);
954}
955
956static void
957sp_ereport_post(uint8_t sp_state)
958{
959	nvlist_t	*ereport, *detector;
960	char		*str = NULL;
961
962	switch (sp_state) {
963	case ERRH_SP_FAULTED:
964		str = "chassis.sp.unavailable";
965		break;
966
967	case ERRH_SP_NOT_PRESENT:
968		/*
969		 * It is expected that removal of the SP will be undertaken
970		 * in response to an existing service action.  Diagnosing
971		 * a fault in response to notification that the SP is
972		 * missing is therefore undesired.  In the future the fault
973		 * management architecture may be updated to support more
974		 * appropriate alert events.  When that happens this code
975		 * should be revisited.
976		 */
977		return;
978
979	case ERRH_SP_AVAILABLE:
980		/*
981		 * Hypervisor does not send an epkt for this case
982		 * so this should never happen.
983		 */
984		cmn_err(CE_WARN, "Received unexpected notification "
985		    "that the SP is available.");
986		return;
987
988	default:
989		cmn_err(CE_WARN, "Invalid SP state 0x%x. No ereport posted.\n",
990		    sp_state);
991		return;
992	}
993
994	ereport = fm_nvlist_create(NULL);
995	detector = fm_nvlist_create(NULL);
996
997	/*
998	 * Create an HC-scheme detector FMRI.
999	 */
1000	fm_fmri_hc_set(detector, FM_HC_SCHEME_VERSION, NULL, NULL, 1,
1001	    "chassis", 0);
1002
1003	fm_ereport_set(ereport, FM_EREPORT_VERSION, str,
1004	    fm_ena_generate(0, FM_ENA_FMT1), detector, NULL);
1005
1006	(void) fm_ereport_post(ereport, EVCH_TRYHARD);
1007
1008	fm_nvlist_destroy(ereport, FM_NVA_FREE);
1009	fm_nvlist_destroy(detector, FM_NVA_FREE);
1010}
1011