This patch add support for RTAS-based error injection on pseries platforms using a new implementation in the pseries_eeh_err_inject() function. The feature allows controlled injection of synthetic hardware errors for testing and validation purposes, such as PCI and memory faults.
Highlights of the implementation: - Dynamically acquires RTAS tokens for ibm,open-errinjct, ibm,errinjct, and ibm,close-errinjct services. A complete open-call-close session is managed as per the platform firmware interface. - A 1KB aligned and zero-initialized working buffer is allocated and filled according to the specified error type. Buffer layouts strictly follow PAPR documentation. - Supports multiple error types: * 0x03 - recovered-special-event * 0x04 - corrupted-page * 0x07 - ioa-bus-error (32-bit) * 0x0F - ioa-bus-error-64 (64-bit) * 0x09 - corrupted-dcache-start * 0x0A - corrupted-dcache-end * 0x0B - corrupted-icache-start * 0x0C - corrupted-icache-end * 0x0D - corrupted-tlb-start * 0x0E - corrupted-tlb-end - All RTAS parameters are passed in big-endian format using cpu_to_be32(). - Proper status code handling and detailed debug output via printk. Handles special conditions like already open sessions and unsupported operations. - The error-specific buffer population logic is refactored into a helper for maintainability and clarity. Tested on a PowerVM guest with firmware support for RTAS error injection. Includes tracing support via bpftrace and in-kernel printk debugging. Note : error injection from guest tested with the qemu patches https://lore.kernel.org/all/[email protected]/ Signed-off-by: Narayana Murty N <[email protected]> --- arch/powerpc/include/asm/rtas.h | 4 + arch/powerpc/include/uapi/asm/eeh.h | 18 + arch/powerpc/kernel/rtas.c | 6 + arch/powerpc/platforms/pseries/eeh_pseries.c | 424 ++++++++++++++++++- 4 files changed, 434 insertions(+), 18 deletions(-) diff --git a/arch/powerpc/include/asm/rtas.h b/arch/powerpc/include/asm/rtas.h index d046bbd5017d..cb5f6475747c 100644 --- a/arch/powerpc/include/asm/rtas.h +++ b/arch/powerpc/include/asm/rtas.h @@ -519,6 +519,10 @@ int rtas_get_error_log_max(void); extern spinlock_t rtas_data_buf_lock; extern char rtas_data_buf[RTAS_DATA_BUF_SIZE]; +#define RTAS_ERRINJCT_BUF_SIZE 1024 +extern spinlock_t rtas_errinjct_buf_lock; +extern char rtas_errinjct_buf[RTAS_ERRINJCT_BUF_SIZE]; + /* RMO buffer reserved for user-space RTAS use */ extern unsigned long rtas_rmo_buf; diff --git a/arch/powerpc/include/uapi/asm/eeh.h b/arch/powerpc/include/uapi/asm/eeh.h index 3b5c47ff3fc4..86645cab2827 100644 --- a/arch/powerpc/include/uapi/asm/eeh.h +++ b/arch/powerpc/include/uapi/asm/eeh.h @@ -41,4 +41,22 @@ #define EEH_ERR_FUNC_DMA_WR_TARGET 19 #define EEH_ERR_FUNC_MAX 19 +/* RTAS PCI Error Injection Token Types */ +#define RTAS_ERR_TYPE_FATAL 0x1 +#define RTAS_ERR_TYPE_RECOVERED_RANDOM_EVENT 0x2 +#define RTAS_ERR_TYPE_RECOVERED_SPECIAL_EVENT 0x3 +#define RTAS_ERR_TYPE_CORRUPTED_PAGE 0x4 +#define RTAS_ERR_TYPE_CORRUPTED_SLB 0x5 +#define RTAS_ERR_TYPE_TRANSLATOR_FAILURE 0x6 +#define RTAS_ERR_TYPE_IOA_BUS_ERROR 0x7 +#define RTAS_ERR_TYPE_PLATFORM_SPECIFIC 0x8 +#define RTAS_ERR_TYPE_CORRUPTED_DCACHE_START 0x9 +#define RTAS_ERR_TYPE_CORRUPTED_DCACHE_END 0xA +#define RTAS_ERR_TYPE_CORRUPTED_ICACHE_START 0xB +#define RTAS_ERR_TYPE_CORRUPTED_ICACHE_END 0xC +#define RTAS_ERR_TYPE_CORRUPTED_TLB_START 0xD +#define RTAS_ERR_TYPE_CORRUPTED_TLB_END 0xE +#define RTAS_ERR_TYPE_IOA_BUS_ERROR_64 0xF +#define RTAS_ERR_TYPE_UPSTREAM_IO_ERROR 0x10 + #endif /* _ASM_POWERPC_EEH_H */ diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c index 8d81c1e7a8db..04c707100dab 100644 --- a/arch/powerpc/kernel/rtas.c +++ b/arch/powerpc/kernel/rtas.c @@ -769,6 +769,12 @@ EXPORT_SYMBOL_GPL(rtas_data_buf); unsigned long rtas_rmo_buf; +DEFINE_SPINLOCK(rtas_errinjct_buf_lock); +EXPORT_SYMBOL_GPL(rtas_errinjct_buf_lock); + +char rtas_errinjct_buf[1024] __aligned(SZ_1K); +EXPORT_SYMBOL_GPL(rtas_errinjct_buf); + /* * If non-NULL, this gets called when the kernel terminates. * This is done like this so rtas_flash can be a module. diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c index b12ef382fec7..b06fcaf7282d 100644 --- a/arch/powerpc/platforms/pseries/eeh_pseries.c +++ b/arch/powerpc/platforms/pseries/eeh_pseries.c @@ -786,6 +786,358 @@ static int pseries_notify_resume(struct eeh_dev *edev) } #endif +/** + * validate_addr_mask_in_pe - Validate that an addr+mask fall within PE's BARs + * @pe: EEH PE containing one or more PCI devices + * @addr: Address to validate + * @mask: Address mask to validate + * + * Checks that @addr is mapped into a BAR/MMIO region of any device belonging + * to the PE. If @mask is non-zero, ensures it is consistent with @addr. + * + * Return: 0 if valid, RTAS_INVALID_PARAMETER on failure. + */ + +static int validate_addr_mask_in_pe(struct eeh_pe *pe, unsigned long addr, + unsigned long mask) +{ + struct eeh_dev *edev, *tmp; + struct pci_dev *pdev; + int bar; + resource_size_t bar_start, bar_len; + bool valid = false; + + /* nothing to validate */ + if (addr == 0 && mask == 0) + return 0; + + eeh_pe_for_each_dev(pe, edev, tmp) { + pdev = eeh_dev_to_pci_dev(edev); + if (!pdev) + continue; + + for (bar = 0; bar < PCI_NUM_RESOURCES; bar++) { + bar_start = pci_resource_start(pdev, bar); + bar_len = pci_resource_len(pdev, bar); + + if (!bar_len) + continue; + + if (addr >= bar_start && addr < (bar_start + bar_len)) { + /* ensure mask makes sense for the addr value */ + if ((addr & mask) != addr) { + pr_err("EEH: Mask 0x%lx invalid for addr 0x%lx in BAR[%d] range 0x%llx-0x%llx\n", + mask, addr, bar, + (unsigned long long)bar_start, + (unsigned long long)(bar_start + bar_len)); + return RTAS_INVALID_PARAMETER; + } + + pr_debug("EEH: addr=0x%lx with mask=0x%lx validated in BAR[%d] of %s\n", + addr, mask, bar, pci_name(pdev)); + valid = true; + } + } + } + + if (!valid) { + pr_err("EEH: addr=0x%lx not valid within any BAR of any device in PE\n", + addr); + return RTAS_INVALID_PARAMETER; + } + + return 0; +} + +/** + * validate_err_type - Basic sanity check for RTAS error type + * @type: RTAS error type + * + * Ensures that the error type is within the valid RTAS error type range. + * + * Return: true if valid, false otherwise. + */ + +static bool validate_err_type(int type) +{ + /* sanity check */ + if (type < RTAS_ERR_TYPE_FATAL || + type > RTAS_ERR_TYPE_UPSTREAM_IO_ERROR) + return false; + + return true; +} + +/** + * validate_special_event - Validate parameters for special-event injection + * @addr: Address parameter (should be zero) + * @mask: Mask parameter (should be zero) + * + * Special-event error injection should not take addr/mask. Rejects if either + * is set. + * + * Return: 0 if valid, RTAS_INVALID_PARAMETER otherwise. + */ + +static int validate_special_event(unsigned long addr, unsigned long mask) +{ + if (addr || mask) { + pr_err("EEH: Special-event should not specify addr/mask\n"); + return RTAS_INVALID_PARAMETER; + } + return 0; +} + +/** + * validate_corrupted_page - Validate parameters for corrupted-page injection + * @pe: EEH PE (unused here, for consistency) + * @addr: Physical page address (required) + * @mask: Address mask (ignored if non-zero) + * + * Ensures a valid non-zero page address is provided. Warns if mask is set. + * + * Return: 0 if valid, RTAS_INVALID_PARAMETER otherwise. + */ + +static int validate_corrupted_page(struct eeh_pe *pe, + unsigned long addr, unsigned long mask) +{ + if (!addr) { + pr_err("EEH: corrupted-page requires non-zero addr\n"); + return RTAS_INVALID_PARAMETER; + } + /* Mask not meaningful for corrupted-page */ + if (mask) + pr_warn("EEH: corrupted-page ignoring mask=0x%lx\n", mask); + return 0; +} + +/** + * validate_ioa_bus_error - Validate parameters for IOA bus error injection + * @pe: EEH PE whose BARs are validated against + * @addr: Address parameter (optional) + * @mask: Mask parameter (optional) + * + * For IOA bus error injections, @addr and @mask are optional. If present, + * they must map into the PE's MMIO/CFG space. + * + * Return: 0 if valid or addr/mask absent, RTAS_INVALID_PARAMETER otherwise. + */ + +static int validate_ioa_bus_error(struct eeh_pe *pe, + unsigned long addr, unsigned long mask) +{ + /* Must map into BAR/MMIO/CFG space of PE */ + return validate_addr_mask_in_pe(pe, addr, mask); +} + +/** + * prepare_errinjct_buffer - Prepare RTAS error injection work buffer + * @pe: EEH PE for the target device(s) + * @type: RTAS error type + * @func: Error function selector (semantics vary by type) + * @addr: Address argument (type-dependent) + * @mask: Mask argument (type-dependent) + * + * Clears the global error injection work buffer and populates it based on + * the error type and parameters provided. Performs inline validation of the + * arguments for each supported error type. + * + * Return: 0 on success, or RTAS_INVALID_PARAMETER / -EINVAL on failure. + */ + +static int prepare_errinjct_buffer(struct eeh_pe *pe, int type, int func, + unsigned long addr, unsigned long mask) +{ + u64 *buf64; + u32 *buf32; + + memset(rtas_errinjct_buf, 0, RTAS_ERRINJCT_BUF_SIZE); + buf64 = (u64 *)rtas_errinjct_buf; + buf32 = (u32 *)rtas_errinjct_buf; + + switch (type) { + case RTAS_ERR_TYPE_RECOVERED_SPECIAL_EVENT: + /* func must be 1 = non-persistent or 2 = persistent */ + if (func < 1 || func > 2) + return RTAS_INVALID_PARAMETER; + if (addr == 0 && mask == 0) + return RTAS_INVALID_PARAMETER; + + if (validate_special_event(addr, mask)) + return RTAS_INVALID_PARAMETER; + + buf32[0] = cpu_to_be32(func); + break; + + case RTAS_ERR_TYPE_CORRUPTED_PAGE: + /* addr required: physical page address */ + if (addr == 0) + return RTAS_INVALID_PARAMETER; + + if (validate_corrupted_page(pe, addr, mask)) + return RTAS_INVALID_PARAMETER; + + buf32[0] = cpu_to_be32(upper_32_bits(addr)); + buf32[1] = cpu_to_be32(lower_32_bits(addr)); + break; + + case RTAS_ERR_TYPE_IOA_BUS_ERROR: + /* 32-bit IOA bus error: addr/mask optional */ + if (func < EEH_ERR_FUNC_LD_MEM_ADDR || func > EEH_ERR_FUNC_MAX) + return RTAS_INVALID_PARAMETER; + + if (addr || mask) { + if (validate_ioa_bus_error(pe, addr, mask)) + return RTAS_INVALID_PARAMETER; + } + + buf32[0] = cpu_to_be32((u32)addr); + buf32[1] = cpu_to_be32((u32)mask); + buf32[2] = cpu_to_be32(pe->addr); + buf32[3] = cpu_to_be32(BUID_HI(pe->phb->buid)); + buf32[4] = cpu_to_be32(BUID_LO(pe->phb->buid)); + buf32[5] = cpu_to_be32(func); + break; + + case RTAS_ERR_TYPE_IOA_BUS_ERROR_64: + /* 64-bit IOA bus error: addr/mask optional */ + if (func < EEH_ERR_FUNC_MIN || func > EEH_ERR_FUNC_MAX) + return RTAS_INVALID_PARAMETER; + + if (addr || mask) { + if (validate_ioa_bus_error(pe, addr, mask)) + return RTAS_INVALID_PARAMETER; + } + + buf64[0] = cpu_to_be64(addr); + buf64[1] = cpu_to_be64(mask); + buf32[4] = cpu_to_be32(pe->addr); + buf32[5] = cpu_to_be32(BUID_HI(pe->phb->buid)); + buf32[6] = cpu_to_be32(BUID_LO(pe->phb->buid)); + buf32[7] = cpu_to_be32(func); + break; + + case RTAS_ERR_TYPE_CORRUPTED_DCACHE_START: + case RTAS_ERR_TYPE_CORRUPTED_DCACHE_END: + case RTAS_ERR_TYPE_CORRUPTED_ICACHE_START: + case RTAS_ERR_TYPE_CORRUPTED_ICACHE_END: + /* addr/mask optional, no strict validation */ + buf32[0] = cpu_to_be32(addr); + buf32[1] = cpu_to_be32(mask); + break; + + case RTAS_ERR_TYPE_CORRUPTED_TLB_START: + case RTAS_ERR_TYPE_CORRUPTED_TLB_END: + /* only addr field relevant */ + buf32[0] = cpu_to_be32(addr); + break; + + default: + pr_err("EEH: Unsupported error type 0x%x\n", type); + return -EINVAL; + } + + pr_debug("RTAS: errinjct buffer prepared: type=%d func=%d addr=0x%lx mask=0x%lx\n", + type, func, addr, mask); + + return 0; +} + +/** + * rtas_open_errinjct_session - Open an RTAS error injection session + * + * Opens a session with the RTAS ibm,open-errinjct service. + * + * Return: Positive session token on success, negative error code on failure. + */ +static int rtas_open_errinjct_session(void) +{ + int open_token, args[2] = {0}; + int rc, status, session_token = -1; + + open_token = rtas_function_token(RTAS_FN_IBM_OPEN_ERRINJCT); + if (open_token == RTAS_UNKNOWN_SERVICE) { + pr_err("RTAS: ibm,open-errinjct not available\n"); + return RTAS_UNKNOWN_SERVICE; + } + + /* Call open; original code treated rtas_call return as session token */ + rc = rtas_call(open_token, 0, 2, args); + status = args[0]; + if (status != 0) { + pr_err("RTAS: open-errinjct failed: status=%d args[1]=%d rc=%d\n", + status, args[1], rc); + return status ? status : -EIO; + } + + session_token = rc; + pr_info("RTAS: Opened injection session: token=%d\n", session_token); + return session_token; +} + +/** + * rtas_close_errinjct_session - Close an RTAS error injection session + * @session_token: Session token returned from open + * + * Attempts to close a previously opened error injection session. Best-effort; + * logs warnings if close fails or if service is unavailable. + */ + +static void rtas_close_errinjct_session(int session_token) +{ + int close_token, args[2] = {0}; + int rc; + + if (session_token < 0) + return; + + close_token = rtas_function_token(RTAS_FN_IBM_CLOSE_ERRINJCT); + if (close_token == RTAS_UNKNOWN_SERVICE) { + pr_warn("RTAS: close-errinjct not available\n"); + return; + } + + args[0] = session_token; + rc = rtas_call(close_token, 1, 1, args); + if (rc) { + pr_warn("RTAS: close-errinjct rc=%d, args[0]=%d, args[1]=%d\n", + rc, args[0], args[1]); + } +} + +/** + * do_errinjct_call - Invoke the RTAS error injection service + * @errinjct_token: RTAS token for ibm,errinjct + * @type: RTAS error type + * @session_token: RTAS error injection session token + * + * Issues the RTAS ibm,errinjct call with the prepared work buffer. Logs errors + * on failure. + * + * Return: 0 on success, negative error code otherwise. + */ + +static int do_errinjct_call(int errinjct_token, int type, int session_token) +{ + int rc, status; + + if (errinjct_token == RTAS_UNKNOWN_SERVICE) + return -ENODEV; + + /* errinjct takes: type, session_token, workbuf pointer (3 in), returns status */ + rc = rtas_call(errinjct_token, 3, 1, &status, type, session_token, + rtas_errinjct_buf); + + if (rc || status) { + pr_err("RTAS: errinjct failed: rc=%d, status=%d\n", rc, status); + return status ? status : -EIO; + } + + pr_info("RTAS: errinjct ok: rc=%d, status=%d\n", rc, status); + return 0; +} + /** * pseries_eeh_err_inject - Inject specified error to the indicated PE * @pe: the indicated PE @@ -799,30 +1151,66 @@ static int pseries_notify_resume(struct eeh_dev *edev) static int pseries_eeh_err_inject(struct eeh_pe *pe, int type, int func, unsigned long addr, unsigned long mask) { - struct eeh_dev *pdev; + int rc = 0; + int session_token = -1; + int errinjct_token; + + /* Validate type */ + if (!validate_err_type(type)) { + pr_err("RTAS: invalid error type 0x%x\n", type); + return RTAS_INVALID_PARAMETER; + } + pr_debug("RTAS: error type 0x%x\n", type); - /* Check on PCI error type */ - if (type != EEH_ERR_TYPE_32 && type != EEH_ERR_TYPE_64) - return -EINVAL; + /* For IOA bus errors we must validate err_func and addr/mask in PE. + * For other types: if addr/mask present we'll still validate BAR range; + * otherwise skip function checks. + */ + if (type == RTAS_ERR_TYPE_IOA_BUS_ERROR || + type == RTAS_ERR_TYPE_IOA_BUS_ERROR_64) { + /* Validate that addr/mask fall in the PE's BAR ranges */ + rc = validate_addr_mask_in_pe(pe, addr, mask); + if (rc) + return rc; + } else if (addr || mask) { + /* If caller provided addr/mask for a non-IOA type, do a BAR check too */ + rc = validate_addr_mask_in_pe(pe, addr, mask); + if (rc) + return rc; + } - switch (func) { - case EEH_ERR_FUNC_LD_MEM_ADDR: - case EEH_ERR_FUNC_LD_MEM_DATA: - case EEH_ERR_FUNC_ST_MEM_ADDR: - case EEH_ERR_FUNC_ST_MEM_DATA: - /* injects a MMIO error for all pdev's belonging to PE */ - pci_lock_rescan_remove(); - list_for_each_entry(pdev, &pe->edevs, entry) - eeh_pe_inject_mmio_error(pdev->pdev); - pci_unlock_rescan_remove(); - break; - default: - return -ERANGE; + /* Open RTAS session */ + session_token = rtas_open_errinjct_session(); + if (session_token < 0) + return session_token; + + /* get errinjct token */ + errinjct_token = rtas_function_token(RTAS_FN_IBM_ERRINJCT); + if (errinjct_token == RTAS_UNKNOWN_SERVICE) { + pr_err("RTAS: ibm,errinjct not available\n"); + rc = -ENODEV; + goto out_close; } - return 0; + /* prepare shared buffer while holding lock */ + spin_lock(&rtas_errinjct_buf_lock); + rc = prepare_errinjct_buffer(pe, type, func, addr, mask); + if (rc) { + spin_unlock(&rtas_errinjct_buf_lock); + goto out_close; + } + + /* perform the errinjct RTAS call */ + rc = do_errinjct_call(errinjct_token, type, session_token); + spin_unlock(&rtas_errinjct_buf_lock); + +out_close: + /* always attempt close if we opened a session */ + rtas_close_errinjct_session(session_token); + return rc; } + static struct eeh_ops pseries_eeh_ops = { .name = "pseries", .probe = pseries_eeh_probe, -- 2.50.0
