diff options
author | Andi Kleen <andi@firstfloor.org> | 2009-05-27 15:56:55 -0400 |
---|---|---|
committer | H. Peter Anvin <hpa@zytor.com> | 2009-06-03 17:45:12 -0400 |
commit | 3c0797925f4ef9d55a32059d2af61a9c262e639d (patch) | |
tree | 7037a444ec7042352b33f6a7e24b255f9e4d9332 /Documentation | |
parent | f94b61c2c9fdcc90773c49df9ccf9ede3ad0d7db (diff) |
x86, mce: switch x86 machine check handler to Monarch election.
On Intel platforms machine check exceptions are always broadcast to
all CPUs. This patch makes the machine check handler synchronize all
these machine checks, elect a Monarch to handle the event and collect
the worst event from all CPUs and then process it first.
This has some advantages:
- When there is a truly data corrupting error the system panics as
quickly as possible. This improves containment of corrupted
data and makes sure the corrupted data never hits stable storage.
- The panics are synchronized and do not reenter the panic code
on multiple CPUs (which currently does not handle this well).
- All the errors are reported. Currently it often happens that
another CPU happens to do the panic first, but reports useless
information (empty machine check) because the real error
happened on another CPU which came in later.
This is a big advantage on Nehalem where the 8 threads per CPU
lead to often the wrong CPU winning the race and dumping
useless information on a machine check. The problem also occurs
in a less severe form on older CPUs.
- The system can detect when no CPUs detected a machine check
and shut down the system. This can happen when one CPU is so
badly hung that that it cannot process a machine check anymore
or when some external agent wants to stop the system by
asserting the machine check pin. This follows Intel hardware
recommendations.
- This matches the recommended error model by the CPU designers.
- The events can be output in true severity order
- When a panic happens on another CPU it makes sure to be actually
be able to process the stop IPI by enabling interrupts.
The code is extremly careful to handle timeouts while waiting
for other CPUs. It can't rely on the normal timing mechanisms
(jiffies, ktime_get) because of its asynchronous/lockless nature,
so it uses own timeouts using ndelay() and a "SPINUNIT"
The timeout is configurable. By default it waits for upto one
second for the other CPUs. This can be also disabled.
From some informal testing AMD systems do not see to broadcast
machine checks, so right now it's always disabled by default on
non Intel CPUs or also on very old Intel systems.
Includes fixes from Ying Huang
Fixed a "ecception" in a comment (H.Seto)
Moved global_nwo reset later based on suggestion from H.Seto
v2: Avoid duplicate messages
[ Impact: feature, fixes long standing problems. ]
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/x86/x86_64/boot-options.txt | 6 | ||||
-rw-r--r-- | Documentation/x86/x86_64/machinecheck | 4 |
2 files changed, 9 insertions, 1 deletions
diff --git a/Documentation/x86/x86_64/boot-options.txt b/Documentation/x86/x86_64/boot-options.txt index 63fca718256e..0ee5e3b212f3 100644 --- a/Documentation/x86/x86_64/boot-options.txt +++ b/Documentation/x86/x86_64/boot-options.txt | |||
@@ -15,13 +15,17 @@ Machine check | |||
15 | in a reboot. On Intel systems it is enabled by default. | 15 | in a reboot. On Intel systems it is enabled by default. |
16 | mce=nobootlog | 16 | mce=nobootlog |
17 | Disable boot machine check logging. | 17 | Disable boot machine check logging. |
18 | mce=tolerancelevel (number) | 18 | mce=tolerancelevel[,monarchtimeout] (number,number) |
19 | tolerance levels: | ||
19 | 0: always panic on uncorrected errors, log corrected errors | 20 | 0: always panic on uncorrected errors, log corrected errors |
20 | 1: panic or SIGBUS on uncorrected errors, log corrected errors | 21 | 1: panic or SIGBUS on uncorrected errors, log corrected errors |
21 | 2: SIGBUS or log uncorrected errors, log corrected errors | 22 | 2: SIGBUS or log uncorrected errors, log corrected errors |
22 | 3: never panic or SIGBUS, log all errors (for testing only) | 23 | 3: never panic or SIGBUS, log all errors (for testing only) |
23 | Default is 1 | 24 | Default is 1 |
24 | Can be also set using sysfs which is preferable. | 25 | Can be also set using sysfs which is preferable. |
26 | monarchtimeout: | ||
27 | Sets the time in us to wait for other CPUs on machine checks. 0 | ||
28 | to disable. | ||
25 | 29 | ||
26 | nomce (for compatibility with i386): same as mce=off | 30 | nomce (for compatibility with i386): same as mce=off |
27 | 31 | ||
diff --git a/Documentation/x86/x86_64/machinecheck b/Documentation/x86/x86_64/machinecheck index a4fdb25446e0..b1fb30273286 100644 --- a/Documentation/x86/x86_64/machinecheck +++ b/Documentation/x86/x86_64/machinecheck | |||
@@ -69,6 +69,10 @@ trigger | |||
69 | Program to run when a machine check event is detected. | 69 | Program to run when a machine check event is detected. |
70 | This is an alternative to running mcelog regularly from cron | 70 | This is an alternative to running mcelog regularly from cron |
71 | and allows to detect events faster. | 71 | and allows to detect events faster. |
72 | monarch_timeout | ||
73 | How long to wait for the other CPUs to machine check too on a | ||
74 | exception. 0 to disable waiting for other CPUs. | ||
75 | Unit: us | ||
72 | 76 | ||
73 | TBD document entries for AMD threshold interrupt configuration | 77 | TBD document entries for AMD threshold interrupt configuration |
74 | 78 | ||