usb: limit combined packets to 1 MiB (CVE-2021-3527)
[qemu/kevin.git] / hw / ppc / spapr_events.c
blobd51daedfa6e0549d53f43bc83fdb7b6cd32cfeb1
1 /*
2 * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
4 * RTAS events handling
6 * Copyright (c) 2012 David Gibson, IBM Corporation.
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
28 #include "qemu/osdep.h"
29 #include "qapi/error.h"
30 #include "cpu.h"
31 #include "sysemu/device_tree.h"
32 #include "sysemu/runstate.h"
34 #include "hw/ppc/fdt.h"
35 #include "hw/ppc/spapr.h"
36 #include "hw/ppc/spapr_vio.h"
37 #include "hw/pci/pci.h"
38 #include "hw/irq.h"
39 #include "hw/pci-host/spapr.h"
40 #include "hw/ppc/spapr_drc.h"
41 #include "qemu/help_option.h"
42 #include "qemu/bcd.h"
43 #include "qemu/main-loop.h"
44 #include "hw/ppc/spapr_ovec.h"
45 #include <libfdt.h>
46 #include "migration/blocker.h"
48 #define RTAS_LOG_VERSION_MASK 0xff000000
49 #define RTAS_LOG_VERSION_6 0x06000000
50 #define RTAS_LOG_SEVERITY_MASK 0x00e00000
51 #define RTAS_LOG_SEVERITY_ALREADY_REPORTED 0x00c00000
52 #define RTAS_LOG_SEVERITY_FATAL 0x00a00000
53 #define RTAS_LOG_SEVERITY_ERROR 0x00800000
54 #define RTAS_LOG_SEVERITY_ERROR_SYNC 0x00600000
55 #define RTAS_LOG_SEVERITY_WARNING 0x00400000
56 #define RTAS_LOG_SEVERITY_EVENT 0x00200000
57 #define RTAS_LOG_SEVERITY_NO_ERROR 0x00000000
58 #define RTAS_LOG_DISPOSITION_MASK 0x00180000
59 #define RTAS_LOG_DISPOSITION_FULLY_RECOVERED 0x00000000
60 #define RTAS_LOG_DISPOSITION_LIMITED_RECOVERY 0x00080000
61 #define RTAS_LOG_DISPOSITION_NOT_RECOVERED 0x00100000
62 #define RTAS_LOG_OPTIONAL_PART_PRESENT 0x00040000
63 #define RTAS_LOG_INITIATOR_MASK 0x0000f000
64 #define RTAS_LOG_INITIATOR_UNKNOWN 0x00000000
65 #define RTAS_LOG_INITIATOR_CPU 0x00001000
66 #define RTAS_LOG_INITIATOR_PCI 0x00002000
67 #define RTAS_LOG_INITIATOR_MEMORY 0x00004000
68 #define RTAS_LOG_INITIATOR_HOTPLUG 0x00006000
69 #define RTAS_LOG_TARGET_MASK 0x00000f00
70 #define RTAS_LOG_TARGET_UNKNOWN 0x00000000
71 #define RTAS_LOG_TARGET_CPU 0x00000100
72 #define RTAS_LOG_TARGET_PCI 0x00000200
73 #define RTAS_LOG_TARGET_MEMORY 0x00000400
74 #define RTAS_LOG_TARGET_HOTPLUG 0x00000600
75 #define RTAS_LOG_TYPE_MASK 0x000000ff
76 #define RTAS_LOG_TYPE_OTHER 0x00000000
77 #define RTAS_LOG_TYPE_RETRY 0x00000001
78 #define RTAS_LOG_TYPE_TCE_ERR 0x00000002
79 #define RTAS_LOG_TYPE_INTERN_DEV_FAIL 0x00000003
80 #define RTAS_LOG_TYPE_TIMEOUT 0x00000004
81 #define RTAS_LOG_TYPE_DATA_PARITY 0x00000005
82 #define RTAS_LOG_TYPE_ADDR_PARITY 0x00000006
83 #define RTAS_LOG_TYPE_CACHE_PARITY 0x00000007
84 #define RTAS_LOG_TYPE_ADDR_INVALID 0x00000008
85 #define RTAS_LOG_TYPE_ECC_UNCORR 0x00000009
86 #define RTAS_LOG_TYPE_ECC_CORR 0x0000000a
87 #define RTAS_LOG_TYPE_EPOW 0x00000040
88 #define RTAS_LOG_TYPE_HOTPLUG 0x000000e5
90 struct rtas_error_log {
91 uint32_t summary;
92 uint32_t extended_length;
93 } QEMU_PACKED;
95 struct rtas_event_log_v6 {
96 uint8_t b0;
97 #define RTAS_LOG_V6_B0_VALID 0x80
98 #define RTAS_LOG_V6_B0_UNRECOVERABLE_ERROR 0x40
99 #define RTAS_LOG_V6_B0_RECOVERABLE_ERROR 0x20
100 #define RTAS_LOG_V6_B0_DEGRADED_OPERATION 0x10
101 #define RTAS_LOG_V6_B0_PREDICTIVE_ERROR 0x08
102 #define RTAS_LOG_V6_B0_NEW_LOG 0x04
103 #define RTAS_LOG_V6_B0_BIGENDIAN 0x02
104 uint8_t _resv1;
105 uint8_t b2;
106 #define RTAS_LOG_V6_B2_POWERPC_FORMAT 0x80
107 #define RTAS_LOG_V6_B2_LOG_FORMAT_MASK 0x0f
108 #define RTAS_LOG_V6_B2_LOG_FORMAT_PLATFORM_EVENT 0x0e
109 uint8_t _resv2[9];
110 uint32_t company;
111 #define RTAS_LOG_V6_COMPANY_IBM 0x49424d00 /* IBM<null> */
112 } QEMU_PACKED;
114 struct rtas_event_log_v6_section_header {
115 uint16_t section_id;
116 uint16_t section_length;
117 uint8_t section_version;
118 uint8_t section_subtype;
119 uint16_t creator_component_id;
120 } QEMU_PACKED;
122 struct rtas_event_log_v6_maina {
123 #define RTAS_LOG_V6_SECTION_ID_MAINA 0x5048 /* PH */
124 struct rtas_event_log_v6_section_header hdr;
125 uint32_t creation_date; /* BCD: YYYYMMDD */
126 uint32_t creation_time; /* BCD: HHMMSS00 */
127 uint8_t _platform1[8];
128 char creator_id;
129 uint8_t _resv1[2];
130 uint8_t section_count;
131 uint8_t _resv2[4];
132 uint8_t _platform2[8];
133 uint32_t plid;
134 uint8_t _platform3[4];
135 } QEMU_PACKED;
137 struct rtas_event_log_v6_mainb {
138 #define RTAS_LOG_V6_SECTION_ID_MAINB 0x5548 /* UH */
139 struct rtas_event_log_v6_section_header hdr;
140 uint8_t subsystem_id;
141 uint8_t _platform1;
142 uint8_t event_severity;
143 uint8_t event_subtype;
144 uint8_t _platform2[4];
145 uint8_t _resv1[2];
146 uint16_t action_flags;
147 uint8_t _resv2[4];
148 } QEMU_PACKED;
150 struct rtas_event_log_v6_epow {
151 #define RTAS_LOG_V6_SECTION_ID_EPOW 0x4550 /* EP */
152 struct rtas_event_log_v6_section_header hdr;
153 uint8_t sensor_value;
154 #define RTAS_LOG_V6_EPOW_ACTION_RESET 0
155 #define RTAS_LOG_V6_EPOW_ACTION_WARN_COOLING 1
156 #define RTAS_LOG_V6_EPOW_ACTION_WARN_POWER 2
157 #define RTAS_LOG_V6_EPOW_ACTION_SYSTEM_SHUTDOWN 3
158 #define RTAS_LOG_V6_EPOW_ACTION_SYSTEM_HALT 4
159 #define RTAS_LOG_V6_EPOW_ACTION_MAIN_ENCLOSURE 5
160 #define RTAS_LOG_V6_EPOW_ACTION_POWER_OFF 7
161 uint8_t event_modifier;
162 #define RTAS_LOG_V6_EPOW_MODIFIER_NORMAL 1
163 #define RTAS_LOG_V6_EPOW_MODIFIER_ON_UPS 2
164 #define RTAS_LOG_V6_EPOW_MODIFIER_CRITICAL 3
165 #define RTAS_LOG_V6_EPOW_MODIFIER_TEMPERATURE 4
166 uint8_t extended_modifier;
167 #define RTAS_LOG_V6_EPOW_XMODIFIER_SYSTEM_WIDE 0
168 #define RTAS_LOG_V6_EPOW_XMODIFIER_PARTITION_SPECIFIC 1
169 uint8_t _resv;
170 uint64_t reason_code;
171 } QEMU_PACKED;
173 struct epow_extended_log {
174 struct rtas_event_log_v6 v6hdr;
175 struct rtas_event_log_v6_maina maina;
176 struct rtas_event_log_v6_mainb mainb;
177 struct rtas_event_log_v6_epow epow;
178 } QEMU_PACKED;
180 union drc_identifier {
181 uint32_t index;
182 uint32_t count;
183 struct {
184 uint32_t count;
185 uint32_t index;
186 } count_indexed;
187 char name[1];
188 } QEMU_PACKED;
190 struct rtas_event_log_v6_hp {
191 #define RTAS_LOG_V6_SECTION_ID_HOTPLUG 0x4850 /* HP */
192 struct rtas_event_log_v6_section_header hdr;
193 uint8_t hotplug_type;
194 #define RTAS_LOG_V6_HP_TYPE_CPU 1
195 #define RTAS_LOG_V6_HP_TYPE_MEMORY 2
196 #define RTAS_LOG_V6_HP_TYPE_SLOT 3
197 #define RTAS_LOG_V6_HP_TYPE_PHB 4
198 #define RTAS_LOG_V6_HP_TYPE_PCI 5
199 #define RTAS_LOG_V6_HP_TYPE_PMEM 6
200 uint8_t hotplug_action;
201 #define RTAS_LOG_V6_HP_ACTION_ADD 1
202 #define RTAS_LOG_V6_HP_ACTION_REMOVE 2
203 uint8_t hotplug_identifier;
204 #define RTAS_LOG_V6_HP_ID_DRC_NAME 1
205 #define RTAS_LOG_V6_HP_ID_DRC_INDEX 2
206 #define RTAS_LOG_V6_HP_ID_DRC_COUNT 3
207 #define RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED 4
208 uint8_t reserved;
209 union drc_identifier drc_id;
210 } QEMU_PACKED;
212 struct hp_extended_log {
213 struct rtas_event_log_v6 v6hdr;
214 struct rtas_event_log_v6_maina maina;
215 struct rtas_event_log_v6_mainb mainb;
216 struct rtas_event_log_v6_hp hp;
217 } QEMU_PACKED;
219 struct rtas_event_log_v6_mc {
220 #define RTAS_LOG_V6_SECTION_ID_MC 0x4D43 /* MC */
221 struct rtas_event_log_v6_section_header hdr;
222 uint32_t fru_id;
223 uint32_t proc_id;
224 uint8_t error_type;
225 #define RTAS_LOG_V6_MC_TYPE_UE 0
226 #define RTAS_LOG_V6_MC_TYPE_SLB 1
227 #define RTAS_LOG_V6_MC_TYPE_ERAT 2
228 #define RTAS_LOG_V6_MC_TYPE_TLB 4
229 #define RTAS_LOG_V6_MC_TYPE_D_CACHE 5
230 #define RTAS_LOG_V6_MC_TYPE_I_CACHE 7
231 uint8_t sub_err_type;
232 #define RTAS_LOG_V6_MC_UE_INDETERMINATE 0
233 #define RTAS_LOG_V6_MC_UE_IFETCH 1
234 #define RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_IFETCH 2
235 #define RTAS_LOG_V6_MC_UE_LOAD_STORE 3
236 #define RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_LOAD_STORE 4
237 #define RTAS_LOG_V6_MC_SLB_PARITY 0
238 #define RTAS_LOG_V6_MC_SLB_MULTIHIT 1
239 #define RTAS_LOG_V6_MC_SLB_INDETERMINATE 2
240 #define RTAS_LOG_V6_MC_ERAT_PARITY 1
241 #define RTAS_LOG_V6_MC_ERAT_MULTIHIT 2
242 #define RTAS_LOG_V6_MC_ERAT_INDETERMINATE 3
243 #define RTAS_LOG_V6_MC_TLB_PARITY 1
244 #define RTAS_LOG_V6_MC_TLB_MULTIHIT 2
245 #define RTAS_LOG_V6_MC_TLB_INDETERMINATE 3
247 * Per PAPR,
248 * For UE error type, set bit 1 of sub_err_type to indicate effective addr is
249 * provided. For other error types (SLB/ERAT/TLB), set bit 0 to indicate
250 * same.
252 #define RTAS_LOG_V6_MC_UE_EA_ADDR_PROVIDED 0x40
253 #define RTAS_LOG_V6_MC_EA_ADDR_PROVIDED 0x80
254 uint8_t reserved_1[6];
255 uint64_t effective_address;
256 uint64_t logical_address;
257 } QEMU_PACKED;
259 struct mc_extended_log {
260 struct rtas_event_log_v6 v6hdr;
261 struct rtas_event_log_v6_mc mc;
262 } QEMU_PACKED;
264 struct MC_ierror_table {
265 unsigned long srr1_mask;
266 unsigned long srr1_value;
267 bool nip_valid; /* nip is a valid indicator of faulting address */
268 uint8_t error_type;
269 uint8_t error_subtype;
270 unsigned int initiator;
271 unsigned int severity;
274 static const struct MC_ierror_table mc_ierror_table[] = {
275 { 0x00000000081c0000, 0x0000000000040000, true,
276 RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_IFETCH,
277 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
278 { 0x00000000081c0000, 0x0000000000080000, true,
279 RTAS_LOG_V6_MC_TYPE_SLB, RTAS_LOG_V6_MC_SLB_PARITY,
280 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
281 { 0x00000000081c0000, 0x00000000000c0000, true,
282 RTAS_LOG_V6_MC_TYPE_SLB, RTAS_LOG_V6_MC_SLB_MULTIHIT,
283 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
284 { 0x00000000081c0000, 0x0000000000100000, true,
285 RTAS_LOG_V6_MC_TYPE_ERAT, RTAS_LOG_V6_MC_ERAT_MULTIHIT,
286 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
287 { 0x00000000081c0000, 0x0000000000140000, true,
288 RTAS_LOG_V6_MC_TYPE_TLB, RTAS_LOG_V6_MC_TLB_MULTIHIT,
289 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
290 { 0x00000000081c0000, 0x0000000000180000, true,
291 RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_IFETCH,
292 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, } };
294 struct MC_derror_table {
295 unsigned long dsisr_value;
296 bool dar_valid; /* dar is a valid indicator of faulting address */
297 uint8_t error_type;
298 uint8_t error_subtype;
299 unsigned int initiator;
300 unsigned int severity;
303 static const struct MC_derror_table mc_derror_table[] = {
304 { 0x00008000, false,
305 RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_LOAD_STORE,
306 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
307 { 0x00004000, true,
308 RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_LOAD_STORE,
309 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
310 { 0x00000800, true,
311 RTAS_LOG_V6_MC_TYPE_ERAT, RTAS_LOG_V6_MC_ERAT_MULTIHIT,
312 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
313 { 0x00000400, true,
314 RTAS_LOG_V6_MC_TYPE_TLB, RTAS_LOG_V6_MC_TLB_MULTIHIT,
315 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
316 { 0x00000080, true,
317 RTAS_LOG_V6_MC_TYPE_SLB, RTAS_LOG_V6_MC_SLB_MULTIHIT, /* Before PARITY */
318 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
319 { 0x00000100, true,
320 RTAS_LOG_V6_MC_TYPE_SLB, RTAS_LOG_V6_MC_SLB_PARITY,
321 RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, } };
323 #define SRR1_MC_LOADSTORE(srr1) ((srr1) & PPC_BIT(42))
325 typedef enum EventClass {
326 EVENT_CLASS_INTERNAL_ERRORS = 0,
327 EVENT_CLASS_EPOW = 1,
328 EVENT_CLASS_RESERVED = 2,
329 EVENT_CLASS_HOT_PLUG = 3,
330 EVENT_CLASS_IO = 4,
331 EVENT_CLASS_MAX
332 } EventClassIndex;
333 #define EVENT_CLASS_MASK(index) (1 << (31 - index))
335 static const char * const event_names[EVENT_CLASS_MAX] = {
336 [EVENT_CLASS_INTERNAL_ERRORS] = "internal-errors",
337 [EVENT_CLASS_EPOW] = "epow-events",
338 [EVENT_CLASS_HOT_PLUG] = "hot-plug-events",
339 [EVENT_CLASS_IO] = "ibm,io-events",
342 struct SpaprEventSource {
343 int irq;
344 uint32_t mask;
345 bool enabled;
348 static SpaprEventSource *spapr_event_sources_new(void)
350 return g_new0(SpaprEventSource, EVENT_CLASS_MAX);
353 static void spapr_event_sources_register(SpaprEventSource *event_sources,
354 EventClassIndex index, int irq)
356 /* we only support 1 irq per event class at the moment */
357 g_assert(event_sources);
358 g_assert(!event_sources[index].enabled);
359 event_sources[index].irq = irq;
360 event_sources[index].mask = EVENT_CLASS_MASK(index);
361 event_sources[index].enabled = true;
364 static const SpaprEventSource *
365 spapr_event_sources_get_source(SpaprEventSource *event_sources,
366 EventClassIndex index)
368 g_assert(index < EVENT_CLASS_MAX);
369 g_assert(event_sources);
371 return &event_sources[index];
374 void spapr_dt_events(SpaprMachineState *spapr, void *fdt)
376 uint32_t irq_ranges[EVENT_CLASS_MAX * 2];
377 int i, count = 0, event_sources;
378 SpaprEventSource *events = spapr->event_sources;
380 g_assert(events);
382 _FDT(event_sources = fdt_add_subnode(fdt, 0, "event-sources"));
384 for (i = 0, count = 0; i < EVENT_CLASS_MAX; i++) {
385 int node_offset;
386 uint32_t interrupts[2];
387 const SpaprEventSource *source =
388 spapr_event_sources_get_source(events, i);
389 const char *source_name = event_names[i];
391 if (!source->enabled) {
392 continue;
395 spapr_dt_irq(interrupts, source->irq, false);
397 _FDT(node_offset = fdt_add_subnode(fdt, event_sources, source_name));
398 _FDT(fdt_setprop(fdt, node_offset, "interrupts", interrupts,
399 sizeof(interrupts)));
401 irq_ranges[count++] = interrupts[0];
402 irq_ranges[count++] = cpu_to_be32(1);
405 _FDT((fdt_setprop(fdt, event_sources, "interrupt-controller", NULL, 0)));
406 _FDT((fdt_setprop_cell(fdt, event_sources, "#interrupt-cells", 2)));
407 _FDT((fdt_setprop(fdt, event_sources, "interrupt-ranges",
408 irq_ranges, count * sizeof(uint32_t))));
411 static const SpaprEventSource *
412 rtas_event_log_to_source(SpaprMachineState *spapr, int log_type)
414 const SpaprEventSource *source;
416 g_assert(spapr->event_sources);
418 switch (log_type) {
419 case RTAS_LOG_TYPE_HOTPLUG:
420 source = spapr_event_sources_get_source(spapr->event_sources,
421 EVENT_CLASS_HOT_PLUG);
422 if (spapr_ovec_test(spapr->ov5_cas, OV5_HP_EVT)) {
423 g_assert(source->enabled);
424 break;
426 /* fall through back to epow for legacy hotplug interrupt source */
427 case RTAS_LOG_TYPE_EPOW:
428 source = spapr_event_sources_get_source(spapr->event_sources,
429 EVENT_CLASS_EPOW);
430 break;
431 default:
432 source = NULL;
435 return source;
438 static int rtas_event_log_to_irq(SpaprMachineState *spapr, int log_type)
440 const SpaprEventSource *source;
442 source = rtas_event_log_to_source(spapr, log_type);
443 g_assert(source);
444 g_assert(source->enabled);
446 return source->irq;
449 static uint32_t spapr_event_log_entry_type(SpaprEventLogEntry *entry)
451 return entry->summary & RTAS_LOG_TYPE_MASK;
454 static void rtas_event_log_queue(SpaprMachineState *spapr,
455 SpaprEventLogEntry *entry)
457 QTAILQ_INSERT_TAIL(&spapr->pending_events, entry, next);
460 static SpaprEventLogEntry *rtas_event_log_dequeue(SpaprMachineState *spapr,
461 uint32_t event_mask)
463 SpaprEventLogEntry *entry = NULL;
465 QTAILQ_FOREACH(entry, &spapr->pending_events, next) {
466 const SpaprEventSource *source =
467 rtas_event_log_to_source(spapr,
468 spapr_event_log_entry_type(entry));
470 g_assert(source);
471 if (source->mask & event_mask) {
472 break;
476 if (entry) {
477 QTAILQ_REMOVE(&spapr->pending_events, entry, next);
480 return entry;
483 static bool rtas_event_log_contains(SpaprMachineState *spapr, uint32_t event_mask)
485 SpaprEventLogEntry *entry = NULL;
487 QTAILQ_FOREACH(entry, &spapr->pending_events, next) {
488 const SpaprEventSource *source =
489 rtas_event_log_to_source(spapr,
490 spapr_event_log_entry_type(entry));
492 if (source->mask & event_mask) {
493 return true;
497 return false;
500 static uint32_t next_plid;
502 static void spapr_init_v6hdr(struct rtas_event_log_v6 *v6hdr)
504 v6hdr->b0 = RTAS_LOG_V6_B0_VALID | RTAS_LOG_V6_B0_NEW_LOG
505 | RTAS_LOG_V6_B0_BIGENDIAN;
506 v6hdr->b2 = RTAS_LOG_V6_B2_POWERPC_FORMAT
507 | RTAS_LOG_V6_B2_LOG_FORMAT_PLATFORM_EVENT;
508 v6hdr->company = cpu_to_be32(RTAS_LOG_V6_COMPANY_IBM);
511 static void spapr_init_maina(SpaprMachineState *spapr,
512 struct rtas_event_log_v6_maina *maina,
513 int section_count)
515 struct tm tm;
516 int year;
518 maina->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_MAINA);
519 maina->hdr.section_length = cpu_to_be16(sizeof(*maina));
520 /* FIXME: section version, subtype and creator id? */
521 spapr_rtc_read(&spapr->rtc, &tm, NULL);
522 year = tm.tm_year + 1900;
523 maina->creation_date = cpu_to_be32((to_bcd(year / 100) << 24)
524 | (to_bcd(year % 100) << 16)
525 | (to_bcd(tm.tm_mon + 1) << 8)
526 | to_bcd(tm.tm_mday));
527 maina->creation_time = cpu_to_be32((to_bcd(tm.tm_hour) << 24)
528 | (to_bcd(tm.tm_min) << 16)
529 | (to_bcd(tm.tm_sec) << 8));
530 maina->creator_id = 'H'; /* Hypervisor */
531 maina->section_count = section_count;
532 maina->plid = next_plid++;
535 static void spapr_powerdown_req(Notifier *n, void *opaque)
537 SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
538 SpaprEventLogEntry *entry;
539 struct rtas_event_log_v6 *v6hdr;
540 struct rtas_event_log_v6_maina *maina;
541 struct rtas_event_log_v6_mainb *mainb;
542 struct rtas_event_log_v6_epow *epow;
543 struct epow_extended_log *new_epow;
545 entry = g_new(SpaprEventLogEntry, 1);
546 new_epow = g_malloc0(sizeof(*new_epow));
547 entry->extended_log = new_epow;
549 v6hdr = &new_epow->v6hdr;
550 maina = &new_epow->maina;
551 mainb = &new_epow->mainb;
552 epow = &new_epow->epow;
554 entry->summary = RTAS_LOG_VERSION_6
555 | RTAS_LOG_SEVERITY_EVENT
556 | RTAS_LOG_DISPOSITION_NOT_RECOVERED
557 | RTAS_LOG_OPTIONAL_PART_PRESENT
558 | RTAS_LOG_TYPE_EPOW;
559 entry->extended_length = sizeof(*new_epow);
561 spapr_init_v6hdr(v6hdr);
562 spapr_init_maina(spapr, maina, 3 /* Main-A, Main-B and EPOW */);
564 mainb->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_MAINB);
565 mainb->hdr.section_length = cpu_to_be16(sizeof(*mainb));
566 /* FIXME: section version, subtype and creator id? */
567 mainb->subsystem_id = 0xa0; /* External environment */
568 mainb->event_severity = 0x00; /* Informational / non-error */
569 mainb->event_subtype = 0xd0; /* Normal shutdown */
571 epow->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_EPOW);
572 epow->hdr.section_length = cpu_to_be16(sizeof(*epow));
573 epow->hdr.section_version = 2; /* includes extended modifier */
574 /* FIXME: section subtype and creator id? */
575 epow->sensor_value = RTAS_LOG_V6_EPOW_ACTION_SYSTEM_SHUTDOWN;
576 epow->event_modifier = RTAS_LOG_V6_EPOW_MODIFIER_NORMAL;
577 epow->extended_modifier = RTAS_LOG_V6_EPOW_XMODIFIER_PARTITION_SPECIFIC;
579 rtas_event_log_queue(spapr, entry);
581 qemu_irq_pulse(spapr_qirq(spapr,
582 rtas_event_log_to_irq(spapr, RTAS_LOG_TYPE_EPOW)));
585 static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t hp_action,
586 SpaprDrcType drc_type,
587 union drc_identifier *drc_id)
589 SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
590 SpaprEventLogEntry *entry;
591 struct hp_extended_log *new_hp;
592 struct rtas_event_log_v6 *v6hdr;
593 struct rtas_event_log_v6_maina *maina;
594 struct rtas_event_log_v6_mainb *mainb;
595 struct rtas_event_log_v6_hp *hp;
597 entry = g_new(SpaprEventLogEntry, 1);
598 new_hp = g_malloc0(sizeof(struct hp_extended_log));
599 entry->extended_log = new_hp;
601 v6hdr = &new_hp->v6hdr;
602 maina = &new_hp->maina;
603 mainb = &new_hp->mainb;
604 hp = &new_hp->hp;
606 entry->summary = RTAS_LOG_VERSION_6
607 | RTAS_LOG_SEVERITY_EVENT
608 | RTAS_LOG_DISPOSITION_NOT_RECOVERED
609 | RTAS_LOG_OPTIONAL_PART_PRESENT
610 | RTAS_LOG_INITIATOR_HOTPLUG
611 | RTAS_LOG_TYPE_HOTPLUG;
612 entry->extended_length = sizeof(*new_hp);
614 spapr_init_v6hdr(v6hdr);
615 spapr_init_maina(spapr, maina, 3 /* Main-A, Main-B, HP */);
617 mainb->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_MAINB);
618 mainb->hdr.section_length = cpu_to_be16(sizeof(*mainb));
619 mainb->subsystem_id = 0x80; /* External environment */
620 mainb->event_severity = 0x00; /* Informational / non-error */
621 mainb->event_subtype = 0x00; /* Normal shutdown */
623 hp->hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_HOTPLUG);
624 hp->hdr.section_length = cpu_to_be16(sizeof(*hp));
625 hp->hdr.section_version = 1; /* includes extended modifier */
626 hp->hotplug_action = hp_action;
627 hp->hotplug_identifier = hp_id;
629 switch (drc_type) {
630 case SPAPR_DR_CONNECTOR_TYPE_PCI:
631 hp->hotplug_type = RTAS_LOG_V6_HP_TYPE_PCI;
632 break;
633 case SPAPR_DR_CONNECTOR_TYPE_LMB:
634 hp->hotplug_type = RTAS_LOG_V6_HP_TYPE_MEMORY;
635 break;
636 case SPAPR_DR_CONNECTOR_TYPE_CPU:
637 hp->hotplug_type = RTAS_LOG_V6_HP_TYPE_CPU;
638 break;
639 case SPAPR_DR_CONNECTOR_TYPE_PHB:
640 hp->hotplug_type = RTAS_LOG_V6_HP_TYPE_PHB;
641 break;
642 case SPAPR_DR_CONNECTOR_TYPE_PMEM:
643 hp->hotplug_type = RTAS_LOG_V6_HP_TYPE_PMEM;
644 break;
645 default:
646 /* we shouldn't be signaling hotplug events for resources
647 * that don't support them
649 g_assert(false);
650 return;
653 if (hp_id == RTAS_LOG_V6_HP_ID_DRC_COUNT) {
654 hp->drc_id.count = cpu_to_be32(drc_id->count);
655 } else if (hp_id == RTAS_LOG_V6_HP_ID_DRC_INDEX) {
656 hp->drc_id.index = cpu_to_be32(drc_id->index);
657 } else if (hp_id == RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED) {
658 /* we should not be using count_indexed value unless the guest
659 * supports dedicated hotplug event source
661 g_assert(spapr_memory_hot_unplug_supported(spapr));
662 hp->drc_id.count_indexed.count =
663 cpu_to_be32(drc_id->count_indexed.count);
664 hp->drc_id.count_indexed.index =
665 cpu_to_be32(drc_id->count_indexed.index);
668 rtas_event_log_queue(spapr, entry);
670 qemu_irq_pulse(spapr_qirq(spapr,
671 rtas_event_log_to_irq(spapr, RTAS_LOG_TYPE_HOTPLUG)));
674 void spapr_hotplug_req_add_by_index(SpaprDrc *drc)
676 SpaprDrcType drc_type = spapr_drc_type(drc);
677 union drc_identifier drc_id;
679 drc_id.index = spapr_drc_index(drc);
680 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_INDEX,
681 RTAS_LOG_V6_HP_ACTION_ADD, drc_type, &drc_id);
684 void spapr_hotplug_req_remove_by_index(SpaprDrc *drc)
686 SpaprDrcType drc_type = spapr_drc_type(drc);
687 union drc_identifier drc_id;
689 drc_id.index = spapr_drc_index(drc);
690 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_INDEX,
691 RTAS_LOG_V6_HP_ACTION_REMOVE, drc_type, &drc_id);
694 void spapr_hotplug_req_add_by_count(SpaprDrcType drc_type,
695 uint32_t count)
697 union drc_identifier drc_id;
699 drc_id.count = count;
700 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_COUNT,
701 RTAS_LOG_V6_HP_ACTION_ADD, drc_type, &drc_id);
704 void spapr_hotplug_req_remove_by_count(SpaprDrcType drc_type,
705 uint32_t count)
707 union drc_identifier drc_id;
709 drc_id.count = count;
710 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_COUNT,
711 RTAS_LOG_V6_HP_ACTION_REMOVE, drc_type, &drc_id);
714 void spapr_hotplug_req_add_by_count_indexed(SpaprDrcType drc_type,
715 uint32_t count, uint32_t index)
717 union drc_identifier drc_id;
719 drc_id.count_indexed.count = count;
720 drc_id.count_indexed.index = index;
721 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED,
722 RTAS_LOG_V6_HP_ACTION_ADD, drc_type, &drc_id);
725 void spapr_hotplug_req_remove_by_count_indexed(SpaprDrcType drc_type,
726 uint32_t count, uint32_t index)
728 union drc_identifier drc_id;
730 drc_id.count_indexed.count = count;
731 drc_id.count_indexed.index = index;
732 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED,
733 RTAS_LOG_V6_HP_ACTION_REMOVE, drc_type, &drc_id);
736 static void spapr_mc_set_ea_provided_flag(struct mc_extended_log *ext_elog)
738 switch (ext_elog->mc.error_type) {
739 case RTAS_LOG_V6_MC_TYPE_UE:
740 ext_elog->mc.sub_err_type |= RTAS_LOG_V6_MC_UE_EA_ADDR_PROVIDED;
741 break;
742 case RTAS_LOG_V6_MC_TYPE_SLB:
743 case RTAS_LOG_V6_MC_TYPE_ERAT:
744 case RTAS_LOG_V6_MC_TYPE_TLB:
745 ext_elog->mc.sub_err_type |= RTAS_LOG_V6_MC_EA_ADDR_PROVIDED;
746 break;
747 default:
748 break;
752 static uint32_t spapr_mce_get_elog_type(PowerPCCPU *cpu, bool recovered,
753 struct mc_extended_log *ext_elog)
755 int i;
756 CPUPPCState *env = &cpu->env;
757 uint32_t summary;
758 uint64_t dsisr = env->spr[SPR_DSISR];
760 summary = RTAS_LOG_VERSION_6 | RTAS_LOG_OPTIONAL_PART_PRESENT;
761 if (recovered) {
762 summary |= RTAS_LOG_DISPOSITION_FULLY_RECOVERED;
763 } else {
764 summary |= RTAS_LOG_DISPOSITION_NOT_RECOVERED;
767 if (SRR1_MC_LOADSTORE(env->spr[SPR_SRR1])) {
768 for (i = 0; i < ARRAY_SIZE(mc_derror_table); i++) {
769 if (!(dsisr & mc_derror_table[i].dsisr_value)) {
770 continue;
773 ext_elog->mc.error_type = mc_derror_table[i].error_type;
774 ext_elog->mc.sub_err_type = mc_derror_table[i].error_subtype;
775 if (mc_derror_table[i].dar_valid) {
776 ext_elog->mc.effective_address = cpu_to_be64(env->spr[SPR_DAR]);
777 spapr_mc_set_ea_provided_flag(ext_elog);
780 summary |= mc_derror_table[i].initiator
781 | mc_derror_table[i].severity;
783 return summary;
785 } else {
786 for (i = 0; i < ARRAY_SIZE(mc_ierror_table); i++) {
787 if ((env->spr[SPR_SRR1] & mc_ierror_table[i].srr1_mask) !=
788 mc_ierror_table[i].srr1_value) {
789 continue;
792 ext_elog->mc.error_type = mc_ierror_table[i].error_type;
793 ext_elog->mc.sub_err_type = mc_ierror_table[i].error_subtype;
794 if (mc_ierror_table[i].nip_valid) {
795 ext_elog->mc.effective_address = cpu_to_be64(env->nip);
796 spapr_mc_set_ea_provided_flag(ext_elog);
799 summary |= mc_ierror_table[i].initiator
800 | mc_ierror_table[i].severity;
802 return summary;
806 summary |= RTAS_LOG_INITIATOR_CPU;
807 return summary;
810 static void spapr_mce_dispatch_elog(SpaprMachineState *spapr, PowerPCCPU *cpu,
811 bool recovered)
813 CPUState *cs = CPU(cpu);
814 CPUPPCState *env = &cpu->env;
815 uint64_t rtas_addr;
816 struct rtas_error_log log;
817 struct mc_extended_log *ext_elog;
818 uint32_t summary;
820 ext_elog = g_malloc0(sizeof(*ext_elog));
821 summary = spapr_mce_get_elog_type(cpu, recovered, ext_elog);
823 log.summary = cpu_to_be32(summary);
824 log.extended_length = cpu_to_be32(sizeof(*ext_elog));
826 spapr_init_v6hdr(&ext_elog->v6hdr);
827 ext_elog->mc.hdr.section_id = cpu_to_be16(RTAS_LOG_V6_SECTION_ID_MC);
828 ext_elog->mc.hdr.section_length =
829 cpu_to_be16(sizeof(struct rtas_event_log_v6_mc));
830 ext_elog->mc.hdr.section_version = 1;
832 /* get rtas addr from fdt */
833 rtas_addr = spapr_get_rtas_addr();
834 if (!rtas_addr) {
835 if (!recovered) {
836 error_report(
837 "FWNMI: Unable to deliver machine check to guest: rtas_addr not found.");
838 qemu_system_guest_panicked(NULL);
839 } else {
840 warn_report(
841 "FWNMI: Unable to deliver machine check to guest: rtas_addr not found. "
842 "Machine check recovered.");
844 g_free(ext_elog);
845 return;
849 * By taking the interlock, we assume that the MCE will be
850 * delivered to the guest. CAUTION: don't add anything that could
851 * prevent the MCE to be delivered after this line, otherwise the
852 * guest won't be able to release the interlock and ultimately
853 * hang/crash?
855 spapr->fwnmi_machine_check_interlock = cpu->vcpu_id;
857 stq_be_phys(&address_space_memory, rtas_addr + RTAS_ERROR_LOG_OFFSET,
858 env->gpr[3]);
859 cpu_physical_memory_write(rtas_addr + RTAS_ERROR_LOG_OFFSET +
860 sizeof(env->gpr[3]), &log, sizeof(log));
861 cpu_physical_memory_write(rtas_addr + RTAS_ERROR_LOG_OFFSET +
862 sizeof(env->gpr[3]) + sizeof(log), ext_elog,
863 sizeof(*ext_elog));
864 g_free(ext_elog);
866 env->gpr[3] = rtas_addr + RTAS_ERROR_LOG_OFFSET;
868 ppc_cpu_do_fwnmi_machine_check(cs, spapr->fwnmi_machine_check_addr);
871 void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
873 SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
874 CPUState *cs = CPU(cpu);
875 int ret;
876 Error *local_err = NULL;
878 if (spapr->fwnmi_machine_check_addr == -1) {
879 /* Non-FWNMI case, deliver it like an architected CPU interrupt. */
880 cs->exception_index = POWERPC_EXCP_MCHECK;
881 ppc_cpu_do_interrupt(cs);
882 return;
885 /* Wait for FWNMI interlock. */
886 while (spapr->fwnmi_machine_check_interlock != -1) {
888 * Check whether the same CPU got machine check error
889 * while still handling the mc error (i.e., before
890 * that CPU called "ibm,nmi-interlock")
892 if (spapr->fwnmi_machine_check_interlock == cpu->vcpu_id) {
893 if (!recovered) {
894 error_report(
895 "FWNMI: Unable to deliver machine check to guest: nested machine check.");
896 qemu_system_guest_panicked(NULL);
897 } else {
898 warn_report(
899 "FWNMI: Unable to deliver machine check to guest: nested machine check. "
900 "Machine check recovered.");
902 return;
904 qemu_cond_wait_iothread(&spapr->fwnmi_machine_check_interlock_cond);
905 if (spapr->fwnmi_machine_check_addr == -1) {
907 * If the machine was reset while waiting for the interlock,
908 * abort the delivery. The machine check applies to a context
909 * that no longer exists, so it wouldn't make sense to deliver
910 * it now.
912 return;
916 ret = migrate_add_blocker(spapr->fwnmi_migration_blocker, &local_err);
917 if (ret == -EBUSY) {
919 * We don't want to abort so we let the migration to continue.
920 * In a rare case, the machine check handler will run on the target.
921 * Though this is not preferable, it is better than aborting
922 * the migration or killing the VM. It is okay to call
923 * migrate_del_blocker on a blocker that was not added (which the
924 * nmi-interlock handler would do when it's called after this).
926 warn_report("Received a fwnmi while migration was in progress");
929 spapr_mce_dispatch_elog(spapr, cpu, recovered);
932 static void check_exception(PowerPCCPU *cpu, SpaprMachineState *spapr,
933 uint32_t token, uint32_t nargs,
934 target_ulong args,
935 uint32_t nret, target_ulong rets)
937 uint32_t mask, buf, len, event_len;
938 uint64_t xinfo;
939 SpaprEventLogEntry *event;
940 struct rtas_error_log header;
941 int i;
943 if ((nargs < 6) || (nargs > 7) || nret != 1) {
944 rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
945 return;
948 xinfo = rtas_ld(args, 1);
949 mask = rtas_ld(args, 2);
950 buf = rtas_ld(args, 4);
951 len = rtas_ld(args, 5);
952 if (nargs == 7) {
953 xinfo |= (uint64_t)rtas_ld(args, 6) << 32;
956 event = rtas_event_log_dequeue(spapr, mask);
957 if (!event) {
958 goto out_no_events;
961 event_len = event->extended_length + sizeof(header);
963 if (event_len < len) {
964 len = event_len;
967 header.summary = cpu_to_be32(event->summary);
968 header.extended_length = cpu_to_be32(event->extended_length);
969 cpu_physical_memory_write(buf, &header, sizeof(header));
970 cpu_physical_memory_write(buf + sizeof(header), event->extended_log,
971 event->extended_length);
972 rtas_st(rets, 0, RTAS_OUT_SUCCESS);
973 g_free(event->extended_log);
974 g_free(event);
976 /* according to PAPR+, the IRQ must be left asserted, or re-asserted, if
977 * there are still pending events to be fetched via check-exception. We
978 * do the latter here, since our code relies on edge-triggered
979 * interrupts.
981 for (i = 0; i < EVENT_CLASS_MAX; i++) {
982 if (rtas_event_log_contains(spapr, EVENT_CLASS_MASK(i))) {
983 const SpaprEventSource *source =
984 spapr_event_sources_get_source(spapr->event_sources, i);
986 g_assert(source->enabled);
987 qemu_irq_pulse(spapr_qirq(spapr, source->irq));
991 return;
993 out_no_events:
994 rtas_st(rets, 0, RTAS_OUT_NO_ERRORS_FOUND);
997 static void event_scan(PowerPCCPU *cpu, SpaprMachineState *spapr,
998 uint32_t token, uint32_t nargs,
999 target_ulong args,
1000 uint32_t nret, target_ulong rets)
1002 int i;
1003 if (nargs != 4 || nret != 1) {
1004 rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
1005 return;
1008 for (i = 0; i < EVENT_CLASS_MAX; i++) {
1009 if (rtas_event_log_contains(spapr, EVENT_CLASS_MASK(i))) {
1010 const SpaprEventSource *source =
1011 spapr_event_sources_get_source(spapr->event_sources, i);
1013 g_assert(source->enabled);
1014 qemu_irq_pulse(spapr_qirq(spapr, source->irq));
1018 rtas_st(rets, 0, RTAS_OUT_NO_ERRORS_FOUND);
1021 void spapr_clear_pending_events(SpaprMachineState *spapr)
1023 SpaprEventLogEntry *entry = NULL, *next_entry;
1025 QTAILQ_FOREACH_SAFE(entry, &spapr->pending_events, next, next_entry) {
1026 QTAILQ_REMOVE(&spapr->pending_events, entry, next);
1027 g_free(entry->extended_log);
1028 g_free(entry);
1032 void spapr_clear_pending_hotplug_events(SpaprMachineState *spapr)
1034 SpaprEventLogEntry *entry = NULL, *next_entry;
1036 QTAILQ_FOREACH_SAFE(entry, &spapr->pending_events, next, next_entry) {
1037 if (spapr_event_log_entry_type(entry) == RTAS_LOG_TYPE_HOTPLUG) {
1038 QTAILQ_REMOVE(&spapr->pending_events, entry, next);
1039 g_free(entry->extended_log);
1040 g_free(entry);
1045 void spapr_events_init(SpaprMachineState *spapr)
1047 int epow_irq = SPAPR_IRQ_EPOW;
1049 if (SPAPR_MACHINE_GET_CLASS(spapr)->legacy_irq_allocation) {
1050 epow_irq = spapr_irq_findone(spapr, &error_fatal);
1053 spapr_irq_claim(spapr, epow_irq, false, &error_fatal);
1055 QTAILQ_INIT(&spapr->pending_events);
1057 spapr->event_sources = spapr_event_sources_new();
1059 spapr_event_sources_register(spapr->event_sources, EVENT_CLASS_EPOW,
1060 epow_irq);
1062 /* NOTE: if machine supports modern/dedicated hotplug event source,
1063 * we add it to the device-tree unconditionally. This means we may
1064 * have cases where the source is enabled in QEMU, but unused by the
1065 * guest because it does not support modern hotplug events, so we
1066 * take care to rely on checking for negotiation of OV5_HP_EVT option
1067 * before attempting to use it to signal events, rather than simply
1068 * checking that it's enabled.
1070 if (spapr->use_hotplug_event_source) {
1071 int hp_irq = SPAPR_IRQ_HOTPLUG;
1073 if (SPAPR_MACHINE_GET_CLASS(spapr)->legacy_irq_allocation) {
1074 hp_irq = spapr_irq_findone(spapr, &error_fatal);
1077 spapr_irq_claim(spapr, hp_irq, false, &error_fatal);
1079 spapr_event_sources_register(spapr->event_sources, EVENT_CLASS_HOT_PLUG,
1080 hp_irq);
1083 spapr->epow_notifier.notify = spapr_powerdown_req;
1084 qemu_register_powerdown_notifier(&spapr->epow_notifier);
1085 spapr_rtas_register(RTAS_CHECK_EXCEPTION, "check-exception",
1086 check_exception);
1087 spapr_rtas_register(RTAS_EVENT_SCAN, "event-scan", event_scan);