1/******************************************************************************
2 * arch-x86/mca.h
3 *
4 * Contributed by Advanced Micro Devices, Inc.
5 * Author: Christoph Egger <Christoph.Egger@amd.com>
6 *
7 * Guest OS machine check interface to x86 Xen.
8 *
9 * Permission is hereby granted, free of charge, to any person obtaining a copy
10 * of this software and associated documentation files (the "Software"), to
11 * deal in the Software without restriction, including without limitation the
12 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
13 * sell copies of the Software, and to permit persons to whom the Software is
14 * furnished to do so, subject to the following conditions:
15 *
16 * The above copyright notice and this permission notice shall be included in
17 * all copies or substantial portions of the Software.
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
25 * DEALINGS IN THE SOFTWARE.
26 */
27
28/* Full MCA functionality has the following Usecases from the guest side:
29 *
30 * Must have's:
31 * 1. Dom0 and DomU register machine check trap callback handlers
32 *    (already done via "set_trap_table" hypercall)
33 * 2. Dom0 registers machine check event callback handler
34 *    (doable via EVTCHNOP_bind_virq)
35 * 3. Dom0 and DomU fetches machine check data
36 * 4. Dom0 wants Xen to notify a DomU
37 * 5. Dom0 gets DomU ID from physical address
38 * 6. Dom0 wants Xen to kill DomU (already done for "xm destroy")
39 *
40 * Nice to have's:
41 * 7. Dom0 wants Xen to deactivate a physical CPU
42 *    This is better done as separate task, physical CPU hotplugging,
43 *    and hypercall(s) should be sysctl's
44 * 8. Page migration proposed from Xen NUMA work, where Dom0 can tell Xen to
45 *    move a DomU (or Dom0 itself) away from a malicious page
46 *    producing correctable errors.
47 * 9. offlining physical page:
48 *    Xen free's and never re-uses a certain physical page.
49 * 10. Testfacility: Allow Dom0 to write values into machine check MSR's
50 *     and tell Xen to trigger a machine check
51 */
52
53#ifndef __XEN_PUBLIC_ARCH_X86_MCA_H__
54#define __XEN_PUBLIC_ARCH_X86_MCA_H__
55
56/* Hypercall */
57#define __HYPERVISOR_mca __HYPERVISOR_arch_0
58
59/*
60 * The xen-unstable repo has interface version 0x03000001; out interface
61 * is incompatible with that and any future minor revisions, so we
62 * choose a different version number range that is numerically less
63 * than that used in xen-unstable.
64 */
65#define XEN_MCA_INTERFACE_VERSION 0x01ecc003
66
67/* IN: Dom0 calls hypercall to retrieve nonurgent telemetry */
68#define XEN_MC_NONURGENT  0x0001
69/* IN: Dom0/DomU calls hypercall to retrieve urgent telemetry */
70#define XEN_MC_URGENT     0x0002
71/* IN: Dom0 acknowledges previosly-fetched telemetry */
72#define XEN_MC_ACK        0x0004
73
74/* OUT: All is ok */
75#define XEN_MC_OK           0x0
76/* OUT: Domain could not fetch data. */
77#define XEN_MC_FETCHFAILED  0x1
78/* OUT: There was no machine check data to fetch. */
79#define XEN_MC_NODATA       0x2
80/* OUT: Between notification time and this hypercall an other
81 *  (most likely) correctable error happened. The fetched data,
82 *  does not match the original machine check data. */
83#define XEN_MC_NOMATCH      0x4
84
85/* OUT: DomU did not register MC NMI handler. Try something else. */
86#define XEN_MC_CANNOTHANDLE 0x8
87/* OUT: Notifying DomU failed. Retry later or try something else. */
88#define XEN_MC_NOTDELIVERED 0x10
89/* Note, XEN_MC_CANNOTHANDLE and XEN_MC_NOTDELIVERED are mutually exclusive. */
90
91
92#ifndef __ASSEMBLY__
93
94#define VIRQ_MCA VIRQ_ARCH_0 /* G. (DOM0) Machine Check Architecture */
95
96/*
97 * Machine Check Architecure:
98 * structs are read-only and used to report all kinds of
99 * correctable and uncorrectable errors detected by the HW.
100 * Dom0 and DomU: register a handler to get notified.
101 * Dom0 only: Correctable errors are reported via VIRQ_MCA
102 * Dom0 and DomU: Uncorrectable errors are reported via nmi handlers
103 */
104#define MC_TYPE_GLOBAL          0
105#define MC_TYPE_BANK            1
106#define MC_TYPE_EXTENDED        2
107#define MC_TYPE_RECOVERY        3
108
109struct mcinfo_common {
110    uint16_t type;      /* structure type */
111    uint16_t size;      /* size of this struct in bytes */
112};
113
114
115#define MC_FLAG_CORRECTABLE     (1 << 0)
116#define MC_FLAG_UNCORRECTABLE   (1 << 1)
117#define MC_FLAG_RECOVERABLE	(1 << 2)
118#define MC_FLAG_POLLED		(1 << 3)
119#define MC_FLAG_RESET		(1 << 4)
120#define MC_FLAG_CMCI		(1 << 5)
121#define MC_FLAG_MCE		(1 << 6)
122/* contains global x86 mc information */
123struct mcinfo_global {
124    struct mcinfo_common common;
125
126    /* running domain at the time in error (most likely the impacted one) */
127    uint16_t mc_domid;
128    uint16_t mc_vcpuid; /* virtual cpu scheduled for mc_domid */
129    uint32_t mc_socketid; /* physical socket of the physical core */
130    uint16_t mc_coreid; /* physical impacted core */
131    uint16_t mc_core_threadid; /* core thread of physical core */
132    uint32_t mc_apicid;
133    uint32_t mc_flags;
134    uint64_t mc_gstatus; /* global status */
135};
136
137/* contains bank local x86 mc information */
138struct mcinfo_bank {
139    struct mcinfo_common common;
140
141    uint16_t mc_bank; /* bank nr */
142    uint16_t mc_domid; /* Usecase 5: domain referenced by mc_addr on dom0
143                        * and if mc_addr is valid. Never valid on DomU. */
144    uint64_t mc_status; /* bank status */
145    uint64_t mc_addr;   /* bank address, only valid
146                         * if addr bit is set in mc_status */
147    uint64_t mc_misc;
148    uint64_t mc_ctrl2;
149    uint64_t mc_tsc;
150};
151
152
153struct mcinfo_msr {
154    uint64_t reg;   /* MSR */
155    uint64_t value; /* MSR value */
156};
157
158/* contains mc information from other
159 * or additional mc MSRs */
160struct mcinfo_extended {
161    struct mcinfo_common common;
162
163    /* You can fill up to five registers.
164     * If you need more, then use this structure
165     * multiple times. */
166
167    uint32_t mc_msrs; /* Number of msr with valid values. */
168    /*
169     * Currently Intel extended MSR (32/64) include all gp registers
170     * and E(R)FLAGS, E(R)IP, E(R)MISC, up to 11/19 of them might be
171     * useful at present. So expand this array to 16/32 to leave room.
172     */
173    struct mcinfo_msr mc_msr[sizeof(void *) * 4];
174};
175
176/* Recovery Action flags. Giving recovery result information to DOM0 */
177
178/* Xen takes successful recovery action, the error is recovered */
179#define REC_ACTION_RECOVERED (0x1 << 0)
180/* No action is performed by XEN */
181#define REC_ACTION_NONE (0x1 << 1)
182/* It's possible DOM0 might take action ownership in some case */
183#define REC_ACTION_NEED_RESET (0x1 << 2)
184
185/* Different Recovery Action types, if the action is performed successfully,
186 * REC_ACTION_RECOVERED flag will be returned.
187 */
188
189/* Page Offline Action */
190#define MC_ACTION_PAGE_OFFLINE (0x1 << 0)
191/* CPU offline Action */
192#define MC_ACTION_CPU_OFFLINE (0x1 << 1)
193/* L3 cache disable Action */
194#define MC_ACTION_CACHE_SHRINK (0x1 << 2)
195
196/* Below interface used between XEN/DOM0 for passing XEN's recovery action
197 * information to DOM0.
198 * usage Senario: After offlining broken page, XEN might pass its page offline
199 * recovery action result to DOM0. DOM0 will save the information in
200 * non-volatile memory for further proactive actions, such as offlining the
201 * easy broken page earlier when doing next reboot.
202*/
203struct page_offline_action
204{
205    /* Params for passing the offlined page number to DOM0 */
206    uint64_t mfn;
207    uint64_t status;
208};
209
210struct cpu_offline_action
211{
212    /* Params for passing the identity of the offlined CPU to DOM0 */
213    uint32_t mc_socketid;
214    uint16_t mc_coreid;
215    uint16_t mc_core_threadid;
216};
217
218#define MAX_UNION_SIZE 16
219struct mcinfo_recovery
220{
221    struct mcinfo_common common;
222    uint16_t mc_bank; /* bank nr */
223    uint8_t action_flags;
224    uint8_t action_types;
225    union {
226        struct page_offline_action page_retire;
227        struct cpu_offline_action cpu_offline;
228        uint8_t pad[MAX_UNION_SIZE];
229    } action_info;
230};
231
232
233#define MCINFO_HYPERCALLSIZE	1024
234#define MCINFO_MAXSIZE		768
235
236#define MCINFO_FLAGS_UNCOMPLETE 0x1
237struct mc_info {
238    /* Number of mcinfo_* entries in mi_data */
239    uint32_t mi_nentries;
240    uint32_t flags;
241    uint64_t mi_data[(MCINFO_MAXSIZE - 1) / 8];
242};
243typedef struct mc_info mc_info_t;
244DEFINE_XEN_GUEST_HANDLE(mc_info_t);
245
246#define __MC_MSR_ARRAYSIZE 8
247#define __MC_NMSRS 1
248#define MC_NCAPS	7	/* 7 CPU feature flag words */
249#define MC_CAPS_STD_EDX	0	/* cpuid level 0x00000001 (%edx) */
250#define MC_CAPS_AMD_EDX	1	/* cpuid level 0x80000001 (%edx) */
251#define MC_CAPS_TM	2	/* cpuid level 0x80860001 (TransMeta) */
252#define MC_CAPS_LINUX	3	/* Linux-defined */
253#define MC_CAPS_STD_ECX	4	/* cpuid level 0x00000001 (%ecx) */
254#define MC_CAPS_VIA	5	/* cpuid level 0xc0000001 */
255#define MC_CAPS_AMD_ECX	6	/* cpuid level 0x80000001 (%ecx) */
256
257struct mcinfo_logical_cpu {
258    uint32_t mc_cpunr;
259    uint32_t mc_chipid;
260    uint16_t mc_coreid;
261    uint16_t mc_threadid;
262    uint32_t mc_apicid;
263    uint32_t mc_clusterid;
264    uint32_t mc_ncores;
265    uint32_t mc_ncores_active;
266    uint32_t mc_nthreads;
267    int32_t mc_cpuid_level;
268    uint32_t mc_family;
269    uint32_t mc_vendor;
270    uint32_t mc_model;
271    uint32_t mc_step;
272    char mc_vendorid[16];
273    char mc_brandid[64];
274    uint32_t mc_cpu_caps[MC_NCAPS];
275    uint32_t mc_cache_size;
276    uint32_t mc_cache_alignment;
277    int32_t mc_nmsrvals;
278    struct mcinfo_msr mc_msrvalues[__MC_MSR_ARRAYSIZE];
279};
280typedef struct mcinfo_logical_cpu xen_mc_logical_cpu_t;
281DEFINE_XEN_GUEST_HANDLE(xen_mc_logical_cpu_t);
282
283
284/*
285 * OS's should use these instead of writing their own lookup function
286 * each with its own bugs and drawbacks.
287 * We use macros instead of static inline functions to allow guests
288 * to include this header in assembly files (*.S).
289 */
290/* Prototype:
291 *    uint32_t x86_mcinfo_nentries(struct mc_info *mi);
292 */
293#define x86_mcinfo_nentries(_mi)    \
294    (_mi)->mi_nentries
295/* Prototype:
296 *    struct mcinfo_common *x86_mcinfo_first(struct mc_info *mi);
297 */
298#define x86_mcinfo_first(_mi)       \
299    ((struct mcinfo_common *)(_mi)->mi_data)
300/* Prototype:
301 *    struct mcinfo_common *x86_mcinfo_next(struct mcinfo_common *mic);
302 */
303#define x86_mcinfo_next(_mic)       \
304    ((struct mcinfo_common *)((uint8_t *)(_mic) + (_mic)->size))
305
306/* Prototype:
307 *    void x86_mcinfo_lookup(void *ret, struct mc_info *mi, uint16_t type);
308 */
309#define x86_mcinfo_lookup(_ret, _mi, _type)    \
310    do {                                                        \
311        uint32_t found, i;                                      \
312        struct mcinfo_common *_mic;                             \
313                                                                \
314        found = 0;                                              \
315	(_ret) = NULL;						\
316	if (_mi == NULL) break;					\
317        _mic = x86_mcinfo_first(_mi);                           \
318        for (i = 0; i < x86_mcinfo_nentries(_mi); i++) {        \
319            if (_mic->type == (_type)) {                        \
320                found = 1;                                      \
321                break;                                          \
322            }                                                   \
323            _mic = x86_mcinfo_next(_mic);                       \
324        }                                                       \
325        (_ret) = found ? _mic : NULL;                           \
326    } while (0)
327
328
329/* Usecase 1
330 * Register machine check trap callback handler
331 *    (already done via "set_trap_table" hypercall)
332 */
333
334/* Usecase 2
335 * Dom0 registers machine check event callback handler
336 * done by EVTCHNOP_bind_virq
337 */
338
339/* Usecase 3
340 * Fetch machine check data from hypervisor.
341 * Note, this hypercall is special, because both Dom0 and DomU must use this.
342 */
343#define XEN_MC_fetch            1
344struct xen_mc_fetch {
345    /* IN/OUT variables. */
346    uint32_t flags;	/* IN: XEN_MC_NONURGENT, XEN_MC_URGENT,
347                           XEN_MC_ACK if ack'ing an earlier fetch */
348			/* OUT: XEN_MC_OK, XEN_MC_FETCHFAILED,
349			   XEN_MC_NODATA, XEN_MC_NOMATCH */
350    uint32_t _pad0;
351    uint64_t fetch_id;	/* OUT: id for ack, IN: id we are ack'ing */
352
353    /* OUT variables. */
354    XEN_GUEST_HANDLE(mc_info_t) data;
355};
356typedef struct xen_mc_fetch xen_mc_fetch_t;
357DEFINE_XEN_GUEST_HANDLE(xen_mc_fetch_t);
358
359
360/* Usecase 4
361 * This tells the hypervisor to notify a DomU about the machine check error
362 */
363#define XEN_MC_notifydomain     2
364struct xen_mc_notifydomain {
365    /* IN variables. */
366    uint16_t mc_domid;    /* The unprivileged domain to notify. */
367    uint16_t mc_vcpuid;   /* The vcpu in mc_domid to notify.
368                           * Usually echo'd value from the fetch hypercall. */
369
370    /* IN/OUT variables. */
371    uint32_t flags;
372
373/* IN: XEN_MC_CORRECTABLE, XEN_MC_TRAP */
374/* OUT: XEN_MC_OK, XEN_MC_CANNOTHANDLE, XEN_MC_NOTDELIVERED, XEN_MC_NOMATCH */
375};
376typedef struct xen_mc_notifydomain xen_mc_notifydomain_t;
377DEFINE_XEN_GUEST_HANDLE(xen_mc_notifydomain_t);
378
379#define XEN_MC_physcpuinfo 3
380struct xen_mc_physcpuinfo {
381	/* IN/OUT */
382	uint32_t ncpus;
383	uint32_t _pad0;
384	/* OUT */
385	XEN_GUEST_HANDLE(xen_mc_logical_cpu_t) info;
386};
387
388#define XEN_MC_msrinject    4
389#define MC_MSRINJ_MAXMSRS       8
390struct xen_mc_msrinject {
391       /* IN */
392	uint32_t mcinj_cpunr;           /* target processor id */
393	uint32_t mcinj_flags;           /* see MC_MSRINJ_F_* below */
394	uint32_t mcinj_count;           /* 0 .. count-1 in array are valid */
395	uint32_t _pad0;
396	struct mcinfo_msr mcinj_msr[MC_MSRINJ_MAXMSRS];
397};
398
399/* Flags for mcinj_flags above; bits 16-31 are reserved */
400#define MC_MSRINJ_F_INTERPOSE   0x1
401
402#define XEN_MC_mceinject    5
403struct xen_mc_mceinject {
404	unsigned int mceinj_cpunr;      /* target processor id */
405};
406
407#if defined(__XEN__) || defined(__XEN_TOOLS__)
408#define XEN_MC_inject_v2        6
409#define XEN_MC_INJECT_TYPE_MASK     0x7
410#define XEN_MC_INJECT_TYPE_MCE      0x0
411#define XEN_MC_INJECT_TYPE_CMCI     0x1
412
413#define XEN_MC_INJECT_CPU_BROADCAST 0x8
414
415struct xen_mc_inject_v2 {
416	uint32_t flags;
417	struct xenctl_cpumap cpumap;
418};
419#endif
420
421struct xen_mc {
422    uint32_t cmd;
423    uint32_t interface_version; /* XEN_MCA_INTERFACE_VERSION */
424    union {
425        struct xen_mc_fetch        mc_fetch;
426        struct xen_mc_notifydomain mc_notifydomain;
427        struct xen_mc_physcpuinfo  mc_physcpuinfo;
428        struct xen_mc_msrinject    mc_msrinject;
429        struct xen_mc_mceinject    mc_mceinject;
430#if defined(__XEN__) || defined(__XEN_TOOLS__)
431        struct xen_mc_inject_v2    mc_inject_v2;
432#endif
433    } u;
434};
435typedef struct xen_mc xen_mc_t;
436DEFINE_XEN_GUEST_HANDLE(xen_mc_t);
437
438#endif /* __ASSEMBLY__ */
439
440#endif /* __XEN_PUBLIC_ARCH_X86_MCA_H__ */
441