c6acb1e7bf
SGX reserved memory does not appear in the standard address maps. Add hook to call into the SGX code to check if an address is located in SGX memory. There are other challenges in injecting errors into SGX. Update the documentation with a sequence of operations to inject. Signed-off-by: Tony Luck <tony.luck@intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Reinette Chatre <reinette.chatre@intel.com> Link: https://lkml.kernel.org/r/20211026220050.697075-7-tony.luck@intel.com
205 lines
8.2 KiB
ReStructuredText
205 lines
8.2 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
====================
|
|
APEI Error INJection
|
|
====================
|
|
|
|
EINJ provides a hardware error injection mechanism. It is very useful
|
|
for debugging and testing APEI and RAS features in general.
|
|
|
|
You need to check whether your BIOS supports EINJ first. For that, look
|
|
for early boot messages similar to this one::
|
|
|
|
ACPI: EINJ 0x000000007370A000 000150 (v01 INTEL 00000001 INTL 00000001)
|
|
|
|
which shows that the BIOS is exposing an EINJ table - it is the
|
|
mechanism through which the injection is done.
|
|
|
|
Alternatively, look in /sys/firmware/acpi/tables for an "EINJ" file,
|
|
which is a different representation of the same thing.
|
|
|
|
It doesn't necessarily mean that EINJ is not supported if those above
|
|
don't exist: before you give up, go into BIOS setup to see if the BIOS
|
|
has an option to enable error injection. Look for something called WHEA
|
|
or similar. Often, you need to enable an ACPI5 support option prior, in
|
|
order to see the APEI,EINJ,... functionality supported and exposed by
|
|
the BIOS menu.
|
|
|
|
To use EINJ, make sure the following are options enabled in your kernel
|
|
configuration::
|
|
|
|
CONFIG_DEBUG_FS
|
|
CONFIG_ACPI_APEI
|
|
CONFIG_ACPI_APEI_EINJ
|
|
|
|
The EINJ user interface is in <debugfs mount point>/apei/einj.
|
|
|
|
The following files belong to it:
|
|
|
|
- available_error_type
|
|
|
|
This file shows which error types are supported:
|
|
|
|
================ ===================================
|
|
Error Type Value Error Description
|
|
================ ===================================
|
|
0x00000001 Processor Correctable
|
|
0x00000002 Processor Uncorrectable non-fatal
|
|
0x00000004 Processor Uncorrectable fatal
|
|
0x00000008 Memory Correctable
|
|
0x00000010 Memory Uncorrectable non-fatal
|
|
0x00000020 Memory Uncorrectable fatal
|
|
0x00000040 PCI Express Correctable
|
|
0x00000080 PCI Express Uncorrectable non-fatal
|
|
0x00000100 PCI Express Uncorrectable fatal
|
|
0x00000200 Platform Correctable
|
|
0x00000400 Platform Uncorrectable non-fatal
|
|
0x00000800 Platform Uncorrectable fatal
|
|
================ ===================================
|
|
|
|
The format of the file contents are as above, except present are only
|
|
the available error types.
|
|
|
|
- error_type
|
|
|
|
Set the value of the error type being injected. Possible error types
|
|
are defined in the file available_error_type above.
|
|
|
|
- error_inject
|
|
|
|
Write any integer to this file to trigger the error injection. Make
|
|
sure you have specified all necessary error parameters, i.e. this
|
|
write should be the last step when injecting errors.
|
|
|
|
- flags
|
|
|
|
Present for kernel versions 3.13 and above. Used to specify which
|
|
of param{1..4} are valid and should be used by the firmware during
|
|
injection. Value is a bitmask as specified in ACPI5.0 spec for the
|
|
SET_ERROR_TYPE_WITH_ADDRESS data structure:
|
|
|
|
Bit 0
|
|
Processor APIC field valid (see param3 below).
|
|
Bit 1
|
|
Memory address and mask valid (param1 and param2).
|
|
Bit 2
|
|
PCIe (seg,bus,dev,fn) valid (see param4 below).
|
|
|
|
If set to zero, legacy behavior is mimicked where the type of
|
|
injection specifies just one bit set, and param1 is multiplexed.
|
|
|
|
- param1
|
|
|
|
This file is used to set the first error parameter value. Its effect
|
|
depends on the error type specified in error_type. For example, if
|
|
error type is memory related type, the param1 should be a valid
|
|
physical memory address. [Unless "flag" is set - see above]
|
|
|
|
- param2
|
|
|
|
Same use as param1 above. For example, if error type is of memory
|
|
related type, then param2 should be a physical memory address mask.
|
|
Linux requires page or narrower granularity, say, 0xfffffffffffff000.
|
|
|
|
- param3
|
|
|
|
Used when the 0x1 bit is set in "flags" to specify the APIC id
|
|
|
|
- param4
|
|
Used when the 0x4 bit is set in "flags" to specify target PCIe device
|
|
|
|
- notrigger
|
|
|
|
The error injection mechanism is a two-step process. First inject the
|
|
error, then perform some actions to trigger it. Setting "notrigger"
|
|
to 1 skips the trigger phase, which *may* allow the user to cause the
|
|
error in some other context by a simple access to the CPU, memory
|
|
location, or device that is the target of the error injection. Whether
|
|
this actually works depends on what operations the BIOS actually
|
|
includes in the trigger phase.
|
|
|
|
BIOS versions based on the ACPI 4.0 specification have limited options
|
|
in controlling where the errors are injected. Your BIOS may support an
|
|
extension (enabled with the param_extension=1 module parameter, or boot
|
|
command line einj.param_extension=1). This allows the address and mask
|
|
for memory injections to be specified by the param1 and param2 files in
|
|
apei/einj.
|
|
|
|
BIOS versions based on the ACPI 5.0 specification have more control over
|
|
the target of the injection. For processor-related errors (type 0x1, 0x2
|
|
and 0x4), you can set flags to 0x3 (param3 for bit 0, and param1 and
|
|
param2 for bit 1) so that you have more information added to the error
|
|
signature being injected. The actual data passed is this::
|
|
|
|
memory_address = param1;
|
|
memory_address_range = param2;
|
|
apicid = param3;
|
|
pcie_sbdf = param4;
|
|
|
|
For memory errors (type 0x8, 0x10 and 0x20) the address is set using
|
|
param1 with a mask in param2 (0x0 is equivalent to all ones). For PCI
|
|
express errors (type 0x40, 0x80 and 0x100) the segment, bus, device and
|
|
function are specified using param1::
|
|
|
|
31 24 23 16 15 11 10 8 7 0
|
|
+-------------------------------------------------+
|
|
| segment | bus | device | function | reserved |
|
|
+-------------------------------------------------+
|
|
|
|
Anyway, you get the idea, if there's doubt just take a look at the code
|
|
in drivers/acpi/apei/einj.c.
|
|
|
|
An ACPI 5.0 BIOS may also allow vendor-specific errors to be injected.
|
|
In this case a file named vendor will contain identifying information
|
|
from the BIOS that hopefully will allow an application wishing to use
|
|
the vendor-specific extension to tell that they are running on a BIOS
|
|
that supports it. All vendor extensions have the 0x80000000 bit set in
|
|
error_type. A file vendor_flags controls the interpretation of param1
|
|
and param2 (1 = PROCESSOR, 2 = MEMORY, 4 = PCI). See your BIOS vendor
|
|
documentation for details (and expect changes to this API if vendors
|
|
creativity in using this feature expands beyond our expectations).
|
|
|
|
|
|
An error injection example::
|
|
|
|
# cd /sys/kernel/debug/apei/einj
|
|
# cat available_error_type # See which errors can be injected
|
|
0x00000002 Processor Uncorrectable non-fatal
|
|
0x00000008 Memory Correctable
|
|
0x00000010 Memory Uncorrectable non-fatal
|
|
# echo 0x12345000 > param1 # Set memory address for injection
|
|
# echo $((-1 << 12)) > param2 # Mask 0xfffffffffffff000 - anywhere in this page
|
|
# echo 0x8 > error_type # Choose correctable memory error
|
|
# echo 1 > error_inject # Inject now
|
|
|
|
You should see something like this in dmesg::
|
|
|
|
[22715.830801] EDAC sbridge MC3: HANDLING MCE MEMORY ERROR
|
|
[22715.834759] EDAC sbridge MC3: CPU 0: Machine Check Event: 0 Bank 7: 8c00004000010090
|
|
[22715.834759] EDAC sbridge MC3: TSC 0
|
|
[22715.834759] EDAC sbridge MC3: ADDR 12345000 EDAC sbridge MC3: MISC 144780c86
|
|
[22715.834759] EDAC sbridge MC3: PROCESSOR 0:306e7 TIME 1422553404 SOCKET 0 APIC 0
|
|
[22716.616173] EDAC MC3: 1 CE memory read error on CPU_SrcID#0_Channel#0_DIMM#0 (channel:0 slot:0 page:0x12345 offset:0x0 grain:32 syndrome:0x0 - area:DRAM err_code:0001:0090 socket:0 channel_mask:1 rank:0)
|
|
|
|
Special notes for injection into SGX enclaves:
|
|
|
|
There may be a separate BIOS setup option to enable SGX injection.
|
|
|
|
The injection process consists of setting some special memory controller
|
|
trigger that will inject the error on the next write to the target
|
|
address. But the h/w prevents any software outside of an SGX enclave
|
|
from accessing enclave pages (even BIOS SMM mode).
|
|
|
|
The following sequence can be used:
|
|
1) Determine physical address of enclave page
|
|
2) Use "notrigger=1" mode to inject (this will setup
|
|
the injection address, but will not actually inject)
|
|
3) Enter the enclave
|
|
4) Store data to the virtual address matching physical address from step 1
|
|
5) Execute CLFLUSH for that virtual address
|
|
6) Spin delay for 250ms
|
|
7) Read from the virtual address. This will trigger the error
|
|
|
|
For more information about EINJ, please refer to ACPI specification
|
|
version 4.0, section 17.5 and ACPI 5.0, section 18.6.
|