/******************************************************************************
*
* Contributed by Advanced Micro Devices, Inc.
* Author: Christoph Egger <Christoph.Egger@amd.com>
*
* Guest OS machine check interface to x86 Xen.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to
* deal in the Software without restriction, including without limitation the
* sell copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
/* Full MCA functionality has the following Usecases from the guest side:
*
* Must have's:
* 1. Dom0 and DomU register machine check trap callback handlers
* (already done via "set_trap_table" hypercall)
* 2. Dom0 registers machine check event callback handler
* (doable via EVTCHNOP_bind_virq)
* 3. Dom0 and DomU fetches machine check data
* 4. Dom0 wants Xen to notify a DomU
* 5. Dom0 gets DomU ID from physical address
* 6. Dom0 wants Xen to kill DomU (already done for "xm destroy")
*
* Nice to have's:
* 7. Dom0 wants Xen to deactivate a physical CPU
* This is better done as separate task, physical CPU hotplugging,
* and hypercall(s) should be sysctl's
* 8. Page migration proposed from Xen NUMA work, where Dom0 can tell Xen to
* move a DomU (or Dom0 itself) away from a malicious page
* producing correctable errors.
* 9. offlining physical page:
* Xen free's and never re-uses a certain physical page.
* 10. Testfacility: Allow Dom0 to write values into machine check MSR's
* and tell Xen to trigger a machine check
*/
#ifndef __XEN_PUBLIC_ARCH_X86_MCA_H__
#define __XEN_PUBLIC_ARCH_X86_MCA_H__
/* Hypercall */
/*
* The xen-unstable repo has interface version 0x03000001; out interface
* is incompatible with that and any future minor revisions, so we
* choose a different version number range that is numerically less
* than that used in xen-unstable.
*/
/* IN: Dom0 calls hypercall to retrieve nonurgent telemetry */
/* IN: Dom0 acknowledges previosly-fetched telemetry */
/* OUT: All is ok */
/* OUT: Domain could not fetch data. */
/* OUT: There was no machine check data to fetch. */
/* OUT: Between notification time and this hypercall an other
* (most likely) correctable error happened. The fetched data,
* does not match the original machine check data. */
/* OUT: DomU did not register MC NMI handler. Try something else. */
/* OUT: Notifying DomU failed. Retry later or try something else. */
/* Note, XEN_MC_CANNOTHANDLE and XEN_MC_NOTDELIVERED are mutually exclusive. */
#ifndef __ASSEMBLY__
/*
* Machine Check Architecure:
* structs are read-only and used to report all kinds of
* correctable and uncorrectable errors detected by the HW.
* Dom0 and DomU: register a handler to get notified.
* Dom0 only: Correctable errors are reported via VIRQ_MCA
* Dom0 and DomU: Uncorrectable errors are reported via nmi handlers
*/
#define MC_TYPE_GLOBAL 0
struct mcinfo_common {
};
/* contains global x86 mc information */
struct mcinfo_global {
/* running domain at the time in error (most likely the impacted one) */
};
/* contains bank local x86 mc information */
struct mcinfo_bank {
* and if mc_addr is valid. Never valid on DomU. */
* if addr bit is set in mc_status */
};
struct mcinfo_msr {
};
/* contains mc information from other
* or additional mc MSRs */
struct mcinfo_extended {
/* You can fill up to five registers.
* If you need more, then use this structure
* multiple times. */
/*
* Currently Intel extended MSR (32/64) include all gp registers
* and E(R)FLAGS, E(R)IP, E(R)MISC, up to 11/19 of them might be
* useful at present. So expand this array to 16/32 to leave room.
*/
};
/* Recovery Action flags. Giving recovery result information to DOM0 */
/* Xen takes successful recovery action, the error is recovered */
/* No action is performed by XEN */
/* It's possible DOM0 might take action ownership in some case */
/* Different Recovery Action types, if the action is performed successfully,
* REC_ACTION_RECOVERED flag will be returned.
*/
/* Page Offline Action */
/* CPU offline Action */
/* L3 cache disable Action */
* information to DOM0.
* usage Senario: After offlining broken page, XEN might pass its page offline
* recovery action result to DOM0. DOM0 will save the information in
* non-volatile memory for further proactive actions, such as offlining the
* easy broken page earlier when doing next reboot.
*/
struct page_offline_action
{
/* Params for passing the offlined page number to DOM0 */
};
struct cpu_offline_action
{
/* Params for passing the identity of the offlined CPU to DOM0 */
};
struct mcinfo_recovery
{
union {
} action_info;
};
struct mc_info {
/* Number of mcinfo_* entries in mi_data */
};
struct mcinfo_logical_cpu {
};
/*
* OS's should use these instead of writing their own lookup function
* each with its own bugs and drawbacks.
* We use macros instead of static inline functions to allow guests
* to include this header in assembly files (*.S).
*/
/* Prototype:
* uint32_t x86_mcinfo_nentries(struct mc_info *mi);
*/
(_mi)->mi_nentries
/* Prototype:
* struct mcinfo_common *x86_mcinfo_first(struct mc_info *mi);
*/
/* Prototype:
* struct mcinfo_common *x86_mcinfo_next(struct mcinfo_common *mic);
*/
/* Prototype:
* void x86_mcinfo_lookup(void *ret, struct mc_info *mi, uint16_t type);
*/
do { \
struct mcinfo_common *_mic; \
\
found = 0; \
for (i = 0; i < x86_mcinfo_nentries(_mi); i++) { \
found = 1; \
break; \
} \
} \
} while (0)
/* Usecase 1
* Register machine check trap callback handler
* (already done via "set_trap_table" hypercall)
*/
/* Usecase 2
* Dom0 registers machine check event callback handler
* done by EVTCHNOP_bind_virq
*/
/* Usecase 3
* Fetch machine check data from hypervisor.
* Note, this hypercall is special, because both Dom0 and DomU must use this.
*/
struct xen_mc_fetch {
XEN_MC_ACK if ack'ing an earlier fetch */
/* OUT: XEN_MC_OK, XEN_MC_FETCHFAILED,
XEN_MC_NODATA, XEN_MC_NOMATCH */
/* OUT variables. */
};
/* Usecase 4
* This tells the hypervisor to notify a DomU about the machine check error
*/
struct xen_mc_notifydomain {
/* IN variables. */
* Usually echo'd value from the fetch hypercall. */
/* IN: XEN_MC_CORRECTABLE, XEN_MC_TRAP */
/* OUT: XEN_MC_OK, XEN_MC_CANNOTHANDLE, XEN_MC_NOTDELIVERED, XEN_MC_NOMATCH */
};
struct xen_mc_physcpuinfo {
/* OUT */
};
struct xen_mc_msrinject {
/* IN */
};
/* Flags for mcinj_flags above; bits 16-31 are reserved */
struct xen_mc_mceinject {
};
struct xen_mc {
union {
} u;
};
#endif /* __ASSEMBLY__ */
#endif /* __XEN_PUBLIC_ARCH_X86_MCA_H__ */