From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CEE1FE7F144 for ; Tue, 26 Sep 2023 23:03:49 +0000 (UTC) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256 header.s=k20201202 header.b=EAvZ3vNy; dkim-atps=neutral Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4RwFfW64ypz3cDl for ; Wed, 27 Sep 2023 09:03:47 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256 header.s=k20201202 header.b=EAvZ3vNy; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=kernel.org (client-ip=145.40.68.75; helo=ams.source.kernel.org; envelope-from=helgaas@kernel.org; receiver=lists.ozlabs.org) Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4RwFdV06dbz3bx0 for ; Wed, 27 Sep 2023 09:02:53 +1000 (AEST) Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 1DF70B81240; Tue, 26 Sep 2023 23:02:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0CD1EC433C7; Tue, 26 Sep 2023 23:02:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1695769369; bh=je6g4sK4peKsh1qGI9bWWT/XBfOKZh3dIb4/VXqVR94=; h=Date:From:To:Cc:Subject:In-Reply-To:From; b=EAvZ3vNy2vbk5wk/qfuZFLTEzYgxPC0IYYVZYNR1ywjJCc/PknMAGU9l9YgkeUC0D IuCC0cbREtDSWvQO/d+8xxXF+rvW+7sIJh4gkPkycF0XSKWoHqOd8kzk10XbDgzylE y6loJllN6SBw6Lqj3JNsIraIOGu+Q1prRZTdWYcFyEXnYtiHcGW/Nbdv9wpENKYprW 3Zt76Rn69EOBuO3S/HiKtmJg9qR2z4o6HsIVeHe3BhsCs8hvQWo1SEXbnScSnTsI0w bLtk+MvKaBJqKNx4vERctWe0Lk/crpGPtb3oigWZknhckvTcDY3fmVO5ShaLZpfJxG 5z1iuIuI0PrsA== Date: Tue, 26 Sep 2023 18:02:47 -0500 From: Bjorn Helgaas To: Shuai Xue Subject: Re: Questions: Should kernel panic when PCIe fatal error occurs? Message-ID: <20230926230247.GA429368@bhelgaas> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Miaohe Lin , "wangkefeng.wang@huawei.com" , "Rafael J. Wysocki" , gregkh@linuxfoundation.org, Linux PCI , mahesh@linux.ibm.com, "linux-kernel@vger.kernel.org" , "linux-acpi@vger.kernel.org" , "tanxiaofei@huawei.com" , "bp@alien8.de" , Baolin Wang , Jonathan Cameron , bhelgaas@google.com, "james.morse@arm.com" , "linuxppc-dev@lists.ozlabs.org" , "lenb@kernel.org" Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On Fri, Sep 22, 2023 at 10:46:36AM +0800, Shuai Xue wrote: > ... > Actually, this is a question from my colleague from firmware team. > The original question is that: > > "Should I set CPER_SEV_FATAL for Generic Error Status Block when a > PCIe fatal error is detected? If set, kernel will always panic. > Otherwise, kernel will always not panic." > > So I pull a question about desired behavior of Linux kernel first :) > From the perspective of the kernel, CPER_SEV_FATAL for Generic Error > Status Block is not reasonable. The kernel will attempt to recover > Fatal errors, although recovery may fail. I don't know the semantics of CPER_SEV_FATAL or why it's there. With CPER, we have *two* error severities: a "native" one defined by the PCIe spec and another defined by the platform via CPER. I speculate that the reason for the CPER severity could be to provide a severity for error sources that don't have a "native" severity like AER does, or for the vendor to force the OS to restart (for CPER_SEV_FATAL, anyway) in cases where it might not otherwise. In the native case, we only have the PCIe severity and don't have the CPER severity at all, and I suspect that unless there's uncontained data corruption, we would rather handle even the most severe PCIe fatal error by disabling the specific device(s) instead of panicking and restarting the whole machine. So for PCIe errors, I'm not sure setting CPER_SEV_FATAL is beneficial unless the platform wants to force the OS to panic, e.g., maybe the platform knows about data corruption and/or the vendor wants the OS to panic as part of a reliability story. Presumably the platform has already logged the error, and I assume the platform *could* restart without even returning to the OS, but maybe it wants the OS to do a crashdump or shutdown in a more orderly way. Bjorn