ACPI ERST DEVICE

The ACPI ERST device is utilized to support the ACPI Error Record Serialization Table, ERST, functionality. This feature is designed for storing error records in persistent storage for future reference and/or debugging.

The ACPI specification[1], in Chapter “ACPI Platform Error Interfaces (APEI)”, and specifically subsection “Error Serialization”, outlines a method for storing error records into persistent storage.

The format of error records is described in the UEFI specification[2], in Appendix N “Common Platform Error Record”.

While the ACPI specification allows for an NVRAM “mode” (see GET_ERROR_LOG_ADDRESS_RANGE_ATTRIBUTES) where non-volatile RAM is directly exposed for direct access by the OS/guest, this device implements the non-NVRAM “mode”. This non-NVRAM “mode” is what is implemented by most BIOS (since flash memory requires programming operations in order to update its contents). Furthermore, as of the time of this writing, Linux only supports the non-NVRAM “mode”.

Background/Motivation

Linux uses the persistent storage filesystem, pstore, to record information (eg. dmesg tail) upon panics and shutdowns. Pstore is independent of, and runs before, kdump. In certain scenarios (ie. hosts/guests with root filesystems on NFS/iSCSI where networking software and/or hardware fails, and thus kdump fails), pstore may contain information available for post-mortem debugging.

Two common storage backends for the pstore filesystem are ACPI ERST and UEFI. Most BIOS implement ACPI ERST. UEFI is not utilized in all guests. With QEMU supporting ACPI ERST, it becomes a viable pstore storage backend for virtual machines (as it is now for bare metal machines).

Enabling support for ACPI ERST facilitates a consistent method to capture kernel panic information in a wide range of guests: from resource-constrained microvms to very large guests, and in particular, in direct-boot environments (which would lack UEFI run-time services).

Note that Microsoft Windows also utilizes the ACPI ERST for certain crash information, if available[3].

Configuration|Usage

To use ACPI ERST, a memory-backend-file object and acpi-erst device can be created, for example:

qemu … -object memory-backend-file,id=erstnvram,mem-path=acpi-erst.backing,size=0x10000,share=on -device acpi-erst,memdev=erstnvram

For proper operation, the ACPI ERST device needs a memory-backend-file object with the following parameters:

  • id: The id of the memory-backend-file object is used to associate this memory with the acpi-erst device.

  • size: The size of the ACPI ERST backing storage. This parameter is required.

  • mem-path: The location of the ACPI ERST backing storage file. This parameter is also required.

  • share: The share=on parameter is required so that updates to the ERST backing store are written to the file.

and ERST device:

  • memdev: Is the object id of the memory-backend-file.

  • record_size: Specifies the size of the records (or slots) in the backend storage. Must be a power of two value greater than or equal to 4096 (PAGE_SIZE).

PCI Interface

The ERST device is a PCI device with two BARs, one for accessing the programming registers, and the other for accessing the record exchange buffer.

BAR0 contains the programming interface consisting of ACTION and VALUE 64-bit registers. All ERST actions/operations/side effects happen on the write to the ACTION, by design. Any data needed by the action must be placed into VALUE prior to writing ACTION. Reading the VALUE simply returns the register contents, which can be updated by a previous ACTION.

BAR1 contains the 8KiB record exchange buffer, which is the implemented maximum record size.

Backend Storage Format

The backend storage is divided into fixed size “slots”, 8KiB in length, with each slot storing a single record. Not all slots need to be occupied, and they need not be occupied in a contiguous fashion. The ability to clear/erase specific records allows for the formation of unoccupied slots.

Slot 0 contains a backend storage header that identifies the contents as ERST and also facilitates efficient access to the records. Depending upon the size of the backend storage, additional slots will be designated to be a part of the slot 0 header. For example, at 8KiB, the slot 0 header can accomodate 1021 records. Thus a storage size of 8MiB (8KiB * 1024) requires an additional slot for use by the header. In this scenario, slot 0 and slot 1 form the backend storage header, and records can be stored starting at slot 2.

Below is an example layout of the backend storage format (for storage size less than 8MiB). The size of the storage is a multiple of 8KiB, and contains N number of slots to store records. The example below shows two records (in CPER format) in the backend storage, while the remaining slots are empty/available.

Slot   Record
       <------------------ 8KiB -------------------->
       +--------------------------------------------+
   0   | storage header                             |
       +--------------------------------------------+
   1   | empty/available                            |
       +--------------------------------------------+
   2   | CPER                                       |
       +--------------------------------------------+
   3   | CPER                                       |
       +--------------------------------------------+
 ...   |                                            |
       +--------------------------------------------+
   N   | empty/available                            |
       +--------------------------------------------+

The storage header consists of some basic information and an array of CPER record_id’s to efficiently access records in the backend storage.

All fields in the header are stored in little endian format.

+--------------------------------------------+
| magic                                      | 0x0000
+--------------------------------------------+
| record_offset        | record_size         | 0x0008
+--------------------------------------------+
| record_count         | reserved | version  | 0x0010
+--------------------------------------------+
| record_id[0]                               | 0x0018
+--------------------------------------------+
| record_id[1]                               | 0x0020
+--------------------------------------------+
| record_id[...]                             |
+--------------------------------------------+
| record_id[N]                               | 0x1FF8
+--------------------------------------------+

The ‘magic’ field contains the value 0x524F545354535245.

The ‘record_size’ field contains the value 0x2000, 8KiB.

The ‘record_offset’ field points to the first record_id in the array, 0x0018.

The ‘version’ field contains 0x0100, the first version.

The ‘record_count’ field contains the number of valid records in the backend storage.

The ‘record_id’ array fields are the 64-bit record identifiers of the CPER record in the corresponding slot. Stated differently, the location of a CPER record_id in the record_id[] array provides the slot index for the corresponding record in the backend storage.

Note that, for example, with a backend storage less than 8MiB, slot 0 contains the header, so the record_id[0] will never contain a valid CPER record_id. Instead slot 1 is the first available slot and thus record_id_[1] may contain a CPER.

A ‘record_id’ of all 0s or all 1s indicates an invalid record (ie. the slot is available).

References

[1] “Advanced Configuration and Power Interface Specification”,

version 4.0, June 2009.

[2] “Unified Extensible Firmware Interface Specification”,

version 2.1, October 2008.

[3] “Windows Hardware Error Architecture”, specfically

“Error Record Persistence Mechanism”.