DPC (Downstream Port Containment) Complete Deep-Dive

1. What is DPC?

What is Downstream Port Containment?

Downstream Port Containment (DPC) is an optional extended capability that provides a mechanism for Downstream Ports (Root Ports and Switch Downstream Ports) to contain uncorrectable errors and enable software to recover from them without system-wide impact.

Key Concepts

Error Containment: Isolate failures to affected hierarchy only
Software Recovery: Enable graceful recovery without reset
Automatic Triggering: Hardware responds to detected errors
Link Isolation: Disable link to prevent error propagation

DPC Capability Requirements

May be implemented by Root Ports or Switch Downstream Ports
If DPC is implemented, Data Link Layer Link Active Reporting must be supported
ERR_COR Subclass capability is strongly recommended
RP Extensions for DPC provide additional Root Port functionality

2. Why Use DPC?

Why is DPC needed?

Traditional error handling often leads to system-wide resets or crashes. DPC enables fine-grained error containment, allowing software to recover from device failures while maintaining overall system stability.

Problems DPC Solves

Error Propagation: Without DPC, errors can spread through the system
Data Corruption: Poisoned TLPs can corrupt host memory
System Crashes: Fatal errors often cause complete system failure
No Recovery Path: Traditional handling requires hard reset

Benefits

Contains errors to affected downstream hierarchy
Enables software-initiated recovery
Prevents poisoned TLP egress (optional)
Provides detailed error logging (RP PIO)
Signals completion via ERR_COR or interrupt

3. DPC Trigger Conditions

Trigger Enable Settings

DPC Trigger Enable	Encoding	Trigger Conditions
Disabled	00b	DPC not active
ERR_FATAL Only	01b	Unmasked uncorrectable error OR ERR_FATAL Message
ERR_NONFATAL/FATAL	10b	Unmasked uncorrectable error OR ERR_NONFATAL/ERR_FATAL Message
Reserved	11b	Reserved

Additional Triggers

RP PIO Errors: Root Port Programmed I/O errors (for RP Extensions)
Software Trigger: DPC Software Trigger bit (if supported)

Trigger Reason Encoding

DPC Trigger Reason	Value	Description
Uncorrectable Error	00b	Unmasked uncorrectable error detected
ERR_NONFATAL	01b	Received ERR_NONFATAL Message
ERR_FATAL	10b	Received ERR_FATAL Message
Extension	11b	See Trigger Reason Extension field

Trigger Reason Extension

Extension Value	Description
00b	RP PIO error
01b	DPC Software Trigger

4. DPC Operational Flow

           ┌─────────────────────────────────────────────────────────────┐
           │                    NORMAL OPERATION                        │
           │                   (DPC Trigger Status = 0)                 │
           └────────────────────────┬────────────────────────────────────┘
                                    │
                                    │ Trigger Event (Error detected)
                                    ▼
           ┌─────────────────────────────────────────────────────────────┐
           │                    DPC TRIGGERED                            │
           │                   (DPC Trigger Status = 1)                 │
           │                                                             │
           │  Actions:                                                   │
           │  1. Set DPC Trigger Status bit                             │
           │  2. Set DPC Trigger Reason                                 │
           │  3. Capture Error Source ID (if ERR_* Message)             │
           │  4. Direct LTSSM to Disabled state                         │
           │  5. Log RP PIO info (if applicable)                        │
           │  6. Generate interrupt (if enabled)                        │
           │  7. Send ERR_COR (if enabled)                              │
           └────────────────────────┬────────────────────────────────────┘
                                    │
                                    │ (Port is "in DPC")
                                    ▼
           ┌─────────────────────────────────────────────────────────────┐
           │                    LINK DISABLED                            │
           │                                                             │
           │  - LTSSM in Disabled state                                 │
           │  - No TLP transmission/reception                           │
           │  - Incoming requests get UR/CA completion                  │
           │  - Wait for software intervention                          │
           └────────────────────────┬────────────────────────────────────┘
                                    │
                                    │ Software clears DPC Trigger Status
                                    │ (after DPC RP Busy = 0)
                                    ▼
           ┌─────────────────────────────────────────────────────────────┐
           │                    RECOVERY                                 │
           │                                                             │
           │  1. LTSSM exits Disabled state                             │
           │  2. LTSSM enters Detect state                              │
           │  3. Link retrains                                          │
           │  4. Normal operation resumes                               │
           │  5. Software re-enumerates/recovers device                 │
           └─────────────────────────────────────────────────────────────┘

5. RP PIO (Root Port Programmed I/O) Errors

What are RP PIO Errors?

Root Port Programmed I/O errors occur when a Root Port issues a request (on behalf of CPU) and receives an error response:

Error Type	Request Type	Description
Cfg UR Cpl	Configuration	Config request received UR Completion
Cfg CA Cpl	Configuration	Config request received CA Completion
Cfg CTO	Configuration	Config request Completion Timeout
I/O UR Cpl	I/O	I/O request received UR Completion
I/O CA Cpl	I/O	I/O request received CA Completion
I/O CTO	I/O	I/O request Completion Timeout
Mem UR Cpl	Memory	Memory request received UR Completion
Mem CA Cpl	Memory	Memory request received CA Completion
Mem CTO	Memory	Memory request Completion Timeout

RP PIO Registers

RP PIO Status: Indicates which errors occurred
RP PIO Mask: Masks errors from triggering DPC
RP PIO Severity: Sets error severity (Fatal vs Non-Fatal)
RP PIO SysError: Controls system error signaling
RP PIO Exception: Controls exception handling
RP PIO Header Log: Captures request TLP header
RP PIO ImpSpec Log: Implementation-specific info
RP PIO TLP Prefix Log: Captures TLP Prefixes (Non-Flit Mode)

6. DPC Extended Capability Structure

Register Layout

Offset	Register	Description
00h	Extended Capability Header	ID = 001Dh, Version = 1h
04h	DPC Capability	Supported features
06h	DPC Control	Enable and configuration
08h	DPC Status	Trigger status and reason
0Ah	DPC Error Source ID	Requester ID from ERR_* Message
0Ch+	RP PIO Registers	Only for Root Ports with RP Extensions

DPC Capability Register Fields

DPC Interrupt Message Number: MSI/MSI-X vector
RP Extensions for DPC: Root Port supports RP PIO
Poisoned TLP Egress Blocking Supported: Can block poisoned TLPs
DPC Software Triggering Supported: Software can trigger DPC
RP PIO Log Size: Size of RP PIO log registers
DL_Active ERR_COR Signaling Supported: Can signal link active via ERR_COR

DPC Control Register Fields

DPC Trigger Enable: Enable DPC and set trigger conditions
DPC Completion Control: CA or UR for DPC completions
DPC Interrupt Enable: Generate interrupt on trigger
DPC ERR_COR Enable: Send ERR_COR on trigger
Poisoned TLP Egress Blocking Enable: Block poisoned TLPs
DPC Software Trigger: Software trigger (W1S)
DL_Active ERR_COR Enable: ERR_COR on DL_Active

7. Poisoned TLP Egress Blocking

What is Poisoned TLP Blocking?

When enabled, the Downstream Port blocks transmission of poisoned (EP=1) TLPs from its egress, preventing corrupted data from reaching host memory.

   WITHOUT POISONED TLP BLOCKING:
   ┌─────────┐    Poisoned TLP    ┌─────────────┐
   │ Device  │ ──────────────────► │ Host Memory │  ← Data corruption!
   └─────────┘                     └─────────────┘

   WITH POISONED TLP BLOCKING:
   ┌─────────┐    Poisoned TLP    ┌─────────┐
   │ Device  │ ─────────► X ──────│ Root    │  ← TLP blocked
   └─────────┘        BLOCKED     │ Port    │
                                  └─────────┘
                                       │
                                       ▼
                                  Error logged,
                                  DPC triggered

Blocking Behavior

Poisoned TLPs are dropped at the egress port
Error is logged per AER mechanisms
May trigger DPC if configured
Completion with EP=1 also blocked

8. Software Recovery Procedure

Recovery Steps

DPC Software Recovery Sequence

Detect DPC: Read DPC Status, check Trigger Status = 1
Identify Cause: Read Trigger Reason, Error Source ID
Log Error Info: Read RP PIO logs if applicable
Wait for Busy: Poll DPC RP Busy until = 0
Clear Trigger: Write 1 to DPC Trigger Status to clear
Honor Timing: Wait for link retraining (conventional reset timing)
Re-enumerate: Re-discover and configure affected devices
Restore State: Restore device configuration
Resume Operation: Resume normal device operation

Timing Requirements

Software must honor conventional reset timing after clearing DPC Trigger Status
At least 100ms must elapse before first configuration access
Devices may return CRS during initialization

Important: DPC RP Busy

Software must NOT clear DPC Trigger Status while DPC RP Busy is Set. The Root Port may be completing internal activities. Clearing while busy results in undefined behavior.

9. ERR_COR Signaling for DPC

ERR_COR Message Usage

DPC can signal completion via ERR_COR Message with specific subclass:

DPC ERR_COR Enable: Enables ERR_COR when DPC triggers
DL_Active ERR_COR Enable: Enables ERR_COR when link goes DL_Active
ERR_COR Subclass (ECS): Uses SIG_SFW (01b) for DPC events

ERR_COR Subclass Encoding

ECS Value	Name	Use
00b	ECS Legacy	Non-ECS capable Requesters
01b	ECS SIG_SFW	DPC or SFI events
10b	ECS SIG_OS	AER or RP PIO events
11b	ECS Extended	Reserved for future

10. Flit Mode Considerations

Differences in Flit Mode

RP PIO Header Log: 52-76 bytes (vs 16 bytes in Non-Flit Mode)
No TLP Prefix Log: RP PIO TLP Prefix Log not present in Flit Mode
Header Log continues: Configuration space at offset 34h+ is Header Log extension
RP PIO Log Size: Encoded differently, includes bit [4]

Header Log Size Requirements

Mode	RP PIO Header Log Size	Total RP PIO Log Size
Non-Flit Mode	4 DW (16 bytes)	≥4 DW
Flit Mode (min)	13 DW (52 bytes)	Per Section 6.2.11.3
Flit Mode (max)	19 DW (76 bytes)	Per Section 6.2.11.3

11. System-Level Applications

Use Cases

Hot Plug Recovery: Contain errors during hot-plug events
Device Failure: Isolate failing devices without system crash
Driver Bugs: Recover from driver-induced errors
RAS (Reliability): Improve system uptime and reliability
Virtualization: Isolate VM-assigned device failures

Integration with AER

DPC works alongside Advanced Error Reporting (AER):

AER logs detailed error information
DPC contains the error and enables recovery
Both capabilities share error detection mechanisms
Software should check both AER and DPC status