On Fri, Sep 22, 2023 at 10:46:36AM +0800, Shuai Xue wrote: > ... > Actually, this is a question from my colleague from firmware team. > The original question is that: > > "Should I set CPER_SEV_FATAL for Generic Error Status Block when a > PCIe fatal error is detected? If set, kernel will always panic. > Otherwise, kernel will always not panic." > > So I pull a question about desired behavior of Linux kernel first :) > From the perspective of the kernel, CPER_SEV_FATAL for Generic Error > Status Block is not reasonable. The kernel will attempt to recover > Fatal errors, although recovery may fail.
I don't know the semantics of CPER_SEV_FATAL or why it's there. With CPER, we have *two* error severities: a "native" one defined by the PCIe spec and another defined by the platform via CPER. I speculate that the reason for the CPER severity could be to provide a severity for error sources that don't have a "native" severity like AER does, or for the vendor to force the OS to restart (for CPER_SEV_FATAL, anyway) in cases where it might not otherwise. In the native case, we only have the PCIe severity and don't have the CPER severity at all, and I suspect that unless there's uncontained data corruption, we would rather handle even the most severe PCIe fatal error by disabling the specific device(s) instead of panicking and restarting the whole machine. So for PCIe errors, I'm not sure setting CPER_SEV_FATAL is beneficial unless the platform wants to force the OS to panic, e.g., maybe the platform knows about data corruption and/or the vendor wants the OS to panic as part of a reliability story. Presumably the platform has already logged the error, and I assume the platform *could* restart without even returning to the OS, but maybe it wants the OS to do a crashdump or shutdown in a more orderly way. Bjorn
