aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorTim Hockin <thockin@google.com>2007-07-21 11:10:37 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-21 21:37:10 -0400
commitbd78432c8f209a1028f4e5bada8b1da1d8e4da09 (patch)
treed807bc0f28f3157927f93c37c3e5002b00633b2e /Documentation
parente02e68d31e2d436197386997727b216fee9c4623 (diff)
x86_64: mcelog tolerant level cleanup
Background: The MCE handler has several paths that it can take, depending on various conditions of the MCE status and the value of the 'tolerant' knob. The exact semantics are not well defined and the code is a bit twisty. Description: This patch makes the MCE handler's behavior more clear by documenting the behavior for various 'tolerant' levels. It also fixes or enhances several small things in the handler. Specifically: * If RIPV is set it is not safe to restart, so set the 'no way out' flag rather than the 'kill it' flag. * Don't panic() on correctable MCEs. * If the _OVER bit is set *and* the _UC bit is set (meaning possibly dropped uncorrected errors), set the 'no way out' flag. * Use EIPV for testing whether an app can be killed (SIGBUS) rather than RIPV. According to docs, EIPV indicates that the error is related to the IP, while RIPV simply means the IP is valid to restart from. * Don't clear the MCi_STATUS registers until after the panic() path. This leaves the status bits set after the panic() so clever BIOSes can find them (and dumb BIOSes can do nothing). This patch also calls nonseekable_open() in mce_open (as suggested by akpm). Result: Tolerant levels behave almost identically to how they always have, but not it's well defined. There's a slightly higher chance of panic()ing when multiple errors happen (a good thing, IMHO). If you take an MBE and panic(), the error status bits are not cleared. Alternatives: None. Testing: I used software to inject correctable and uncorrectable errors. With tolerant = 3, the system usually survives. With tolerant = 2, the system usually panic()s (PCC) but not always. With tolerant = 1, the system always panic()s. When the system panic()s, the BIOS is able to detect that the cause of death was an MC4. I was not able to reproduce the case of a non-PCC error in userspace, with EIPV, with (tolerant < 3). That will be rare at best. Signed-off-by: Tim Hockin <thockin@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/x86_64/boot-options.txt8
-rw-r--r--Documentation/x86_64/machinecheck14
2 files changed, 13 insertions, 9 deletions
diff --git a/Documentation/x86_64/boot-options.txt b/Documentation/x86_64/boot-options.txt
index a4595b22e092..945311840a10 100644
--- a/Documentation/x86_64/boot-options.txt
+++ b/Documentation/x86_64/boot-options.txt
@@ -14,9 +14,11 @@ Machine check
14 mce=nobootlog 14 mce=nobootlog
15 Disable boot machine check logging. 15 Disable boot machine check logging.
16 mce=tolerancelevel (number) 16 mce=tolerancelevel (number)
17 0: always panic, 1: panic if deadlock possible, 17 0: always panic on uncorrected errors, log corrected errors
18 2: try to avoid panic, 3: never panic or exit (for testing) 18 1: panic or SIGBUS on uncorrected errors, log corrected errors
19 default is 1 19 2: SIGBUS or log uncorrected errors, log corrected errors
20 3: never panic or SIGBUS, log all errors (for testing only)
21 Default is 1
20 Can be also set using sysfs which is preferable. 22 Can be also set using sysfs which is preferable.
21 23
22 nomce (for compatibility with i386): same as mce=off 24 nomce (for compatibility with i386): same as mce=off
diff --git a/Documentation/x86_64/machinecheck b/Documentation/x86_64/machinecheck
index feaeaf6f6e4d..a05e58e7b159 100644
--- a/Documentation/x86_64/machinecheck
+++ b/Documentation/x86_64/machinecheck
@@ -49,12 +49,14 @@ tolerant
49 Since machine check exceptions can happen any time it is sometimes 49 Since machine check exceptions can happen any time it is sometimes
50 risky for the kernel to kill a process because it defies 50 risky for the kernel to kill a process because it defies
51 normal kernel locking rules. The tolerance level configures 51 normal kernel locking rules. The tolerance level configures
52 how hard the kernel tries to recover even at some risk of deadlock. 52 how hard the kernel tries to recover even at some risk of
53 53 deadlock. Higher tolerant values trade potentially better uptime
54 0: always panic, 54 with the risk of a crash or even corruption (for tolerant >= 3).
55 1: panic if deadlock possible, 55
56 2: try to avoid panic, 56 0: always panic on uncorrected errors, log corrected errors
57 3: never panic or exit (for testing only) 57 1: panic or SIGBUS on uncorrected errors, log corrected errors
58 2: SIGBUS or log uncorrected errors, log corrected errors
59 3: never panic or SIGBUS, log all errors (for testing only)
58 60
59 Default: 1 61 Default: 1
60 62