205 lines
8.2 KiB
ReStructuredText
205 lines
8.2 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
====================
|
|
APEI Error INJection
|
|
====================
|
|
|
|
EINJ provides a hardware error injection mechanism. It is very useful
|
|
for debugging and testing APEI and RAS features in general.
|
|
|
|
You need to check whether your BIOS supports EINJ first. For that, look
|
|
for early boot messages similar to this one::
|
|
|
|
ACPI: EINJ 0x000000007370A000 000150 (v01 INTEL 00000001 INTL 00000001)
|
|
|
|
which shows that the BIOS is exposing an EINJ table - it is the
|
|
mechanism through which the injection is done.
|
|
|
|
Alternatively, look in /sys/firmware/acpi/tables for an "EINJ" file,
|
|
which is a different representation of the same thing.
|
|
|
|
It doesn't necessarily mean that EINJ is not supported if those above
|
|
don't exist: before you give up, go into BIOS setup to see if the BIOS
|
|
has an option to enable error injection. Look for something called WHEA
|
|
or similar. Often, you need to enable an ACPI5 support option prior, in
|
|
order to see the APEI,EINJ,... functionality supported and exposed by
|
|
the BIOS menu.
|
|
|
|
To use EINJ, make sure the following are options enabled in your kernel
|
|
configuration::
|
|
|
|
CONFIG_DEBUG_FS
|
|
CONFIG_ACPI_APEI
|
|
CONFIG_ACPI_APEI_EINJ
|
|
|
|
The EINJ user interface is in <debugfs mount point>/apei/einj.
|
|
|
|
The following files belong to it:
|
|
|
|
- available_error_type
|
|
|
|
This file shows which error types are supported:
|
|
|
|
================ ===================================
|
|
Error Type Value Error Description
|
|
================ ===================================
|
|
0x00000001 Processor Correctable
|
|
0x00000002 Processor Uncorrectable non-fatal
|
|
0x00000004 Processor Uncorrectable fatal
|
|
0x00000008 Memory Correctable
|
|
0x00000010 Memory Uncorrectable non-fatal
|
|
0x00000020 Memory Uncorrectable fatal
|
|
0x00000040 PCI Express Correctable
|
|
0x00000080 PCI Express Uncorrectable non-fatal
|
|
0x00000100 PCI Express Uncorrectable fatal
|
|
0x00000200 Platform Correctable
|
|
0x00000400 Platform Uncorrectable non-fatal
|
|
0x00000800 Platform Uncorrectable fatal
|
|
================ ===================================
|
|
|
|
The format of the file contents are as above, except present are only
|
|
the available error types.
|
|
|
|
- error_type
|
|
|
|
Set the value of the error type being injected. Possible error types
|
|
are defined in the file available_error_type above.
|
|
|
|
- error_inject
|
|
|
|
Write any integer to this file to trigger the error injection. Make
|
|
sure you have specified all necessary error parameters, i.e. this
|
|
write should be the last step when injecting errors.
|
|
|
|
- flags
|
|
|
|
Present for kernel versions 3.13 and above. Used to specify which
|
|
of param{1..4} are valid and should be used by the firmware during
|
|
injection. Value is a bitmask as specified in ACPI5.0 spec for the
|
|
SET_ERROR_TYPE_WITH_ADDRESS data structure:
|
|
|
|
Bit 0
|
|
Processor APIC field valid (see param3 below).
|
|
Bit 1
|
|
Memory address and mask valid (param1 and param2).
|
|
Bit 2
|
|
PCIe (seg,bus,dev,fn) valid (see param4 below).
|
|
|
|
If set to zero, legacy behavior is mimicked where the type of
|
|
injection specifies just one bit set, and param1 is multiplexed.
|
|
|
|
- param1
|
|
|
|
This file is used to set the first error parameter value. Its effect
|
|
depends on the error type specified in error_type. For example, if
|
|
error type is memory related type, the param1 should be a valid
|
|
physical memory address. [Unless "flag" is set - see above]
|
|
|
|
- param2
|
|
|
|
Same use as param1 above. For example, if error type is of memory
|
|
related type, then param2 should be a physical memory address mask.
|
|
Linux requires page or narrower granularity, say, 0xfffffffffffff000.
|
|
|
|
- param3
|
|
|
|
Used when the 0x1 bit is set in "flags" to specify the APIC id
|
|
|
|
- param4
|
|
Used when the 0x4 bit is set in "flags" to specify target PCIe device
|
|
|
|
- notrigger
|
|
|
|
The error injection mechanism is a two-step process. First inject the
|
|
error, then perform some actions to trigger it. Setting "notrigger"
|
|
to 1 skips the trigger phase, which *may* allow the user to cause the
|
|
error in some other context by a simple access to the CPU, memory
|
|
location, or device that is the target of the error injection. Whether
|
|
this actually works depends on what operations the BIOS actually
|
|
includes in the trigger phase.
|
|
|
|
BIOS versions based on the ACPI 4.0 specification have limited options
|
|
in controlling where the errors are injected. Your BIOS may support an
|
|
extension (enabled with the param_extension=1 module parameter, or boot
|
|
command line einj.param_extension=1). This allows the address and mask
|
|
for memory injections to be specified by the param1 and param2 files in
|
|
apei/einj.
|
|
|
|
BIOS versions based on the ACPI 5.0 specification have more control over
|
|
the target of the injection. For processor-related errors (type 0x1, 0x2
|
|
and 0x4), you can set flags to 0x3 (param3 for bit 0, and param1 and
|
|
param2 for bit 1) so that you have more information added to the error
|
|
signature being injected. The actual data passed is this::
|
|
|
|
memory_address = param1;
|
|
memory_address_range = param2;
|
|
apicid = param3;
|
|
pcie_sbdf = param4;
|
|
|
|
For memory errors (type 0x8, 0x10 and 0x20) the address is set using
|
|
param1 with a mask in param2 (0x0 is equivalent to all ones). For PCI
|
|
express errors (type 0x40, 0x80 and 0x100) the segment, bus, device and
|
|
function are specified using param1::
|
|
|
|
31 24 23 16 15 11 10 8 7 0
|
|
+-------------------------------------------------+
|
|
| segment | bus | device | function | reserved |
|
|
+-------------------------------------------------+
|
|
|
|
Anyway, you get the idea, if there's doubt just take a look at the code
|
|
in drivers/acpi/apei/einj.c.
|
|
|
|
An ACPI 5.0 BIOS may also allow vendor-specific errors to be injected.
|
|
In this case a file named vendor will contain identifying information
|
|
from the BIOS that hopefully will allow an application wishing to use
|
|
the vendor-specific extension to tell that they are running on a BIOS
|
|
that supports it. All vendor extensions have the 0x80000000 bit set in
|
|
error_type. A file vendor_flags controls the interpretation of param1
|
|
and param2 (1 = PROCESSOR, 2 = MEMORY, 4 = PCI). See your BIOS vendor
|
|
documentation for details (and expect changes to this API if vendors
|
|
creativity in using this feature expands beyond our expectations).
|
|
|
|
|
|
An error injection example::
|
|
|
|
# cd /sys/kernel/debug/apei/einj
|
|
# cat available_error_type # See which errors can be injected
|
|
0x00000002 Processor Uncorrectable non-fatal
|
|
0x00000008 Memory Correctable
|
|
0x00000010 Memory Uncorrectable non-fatal
|
|
# echo 0x12345000 > param1 # Set memory address for injection
|
|
# echo 0xfffffffffffff000 > param2 # Mask - anywhere in this page
|
|
# echo 0x8 > error_type # Choose correctable memory error
|
|
# echo 1 > error_inject # Inject now
|
|
|
|
You should see something like this in dmesg::
|
|
|
|
[22715.830801] EDAC sbridge MC3: HANDLING MCE MEMORY ERROR
|
|
[22715.834759] EDAC sbridge MC3: CPU 0: Machine Check Event: 0 Bank 7: 8c00004000010090
|
|
[22715.834759] EDAC sbridge MC3: TSC 0
|
|
[22715.834759] EDAC sbridge MC3: ADDR 12345000 EDAC sbridge MC3: MISC 144780c86
|
|
[22715.834759] EDAC sbridge MC3: PROCESSOR 0:306e7 TIME 1422553404 SOCKET 0 APIC 0
|
|
[22716.616173] EDAC MC3: 1 CE memory read error on CPU_SrcID#0_Channel#0_DIMM#0 (channel:0 slot:0 page:0x12345 offset:0x0 grain:32 syndrome:0x0 - area:DRAM err_code:0001:0090 socket:0 channel_mask:1 rank:0)
|
|
|
|
Special notes for injection into SGX enclaves:
|
|
|
|
There may be a separate BIOS setup option to enable SGX injection.
|
|
|
|
The injection process consists of setting some special memory controller
|
|
trigger that will inject the error on the next write to the target
|
|
address. But the h/w prevents any software outside of an SGX enclave
|
|
from accessing enclave pages (even BIOS SMM mode).
|
|
|
|
The following sequence can be used:
|
|
1) Determine physical address of enclave page
|
|
2) Use "notrigger=1" mode to inject (this will setup
|
|
the injection address, but will not actually inject)
|
|
3) Enter the enclave
|
|
4) Store data to the virtual address matching physical address from step 1
|
|
5) Execute CLFLUSH for that virtual address
|
|
6) Spin delay for 250ms
|
|
7) Read from the virtual address. This will trigger the error
|
|
|
|
For more information about EINJ, please refer to ACPI specification
|
|
version 4.0, section 17.5 and ACPI 5.0, section 18.6.
|