Commit | Line | Data |
---|---|---|
10ffebbe | 1 | =========================================== |
de1ba09b AM |
2 | Fault injection capabilities infrastructure |
3 | =========================================== | |
4 | ||
1892ce4c | 5 | See also drivers/md/md-faulty.c and "every_nth" module option for scsi_debug. |
de1ba09b AM |
6 | |
7 | ||
8 | Available fault injection capabilities | |
9 | -------------------------------------- | |
10 | ||
10ffebbe | 11 | - failslab |
de1ba09b AM |
12 | |
13 | injects slab allocation failures. (kmalloc(), kmem_cache_alloc(), ...) | |
14 | ||
10ffebbe | 15 | - fail_page_alloc |
de1ba09b AM |
16 | |
17 | injects page allocation failures. (alloc_pages(), get_free_pages(), ...) | |
18 | ||
10ffebbe | 19 | - fail_futex |
ab51fbab DB |
20 | |
21 | injects futex deadlock and uaddr fault errors. | |
22 | ||
10ffebbe | 23 | - fail_make_request |
de1ba09b | 24 | |
5d0ffa2b | 25 | injects disk IO errors on devices permitted by setting |
de1ba09b AM |
26 | /sys/block/<device>/make-it-fail or |
27 | /sys/block/<device>/<partition>/make-it-fail. (generic_make_request()) | |
28 | ||
10ffebbe | 29 | - fail_mmc_request |
1e4cb22b PF |
30 | |
31 | injects MMC data errors on devices permitted by setting | |
32 | debugfs entries under /sys/kernel/debug/mmc0/fail_mmc_request | |
33 | ||
10ffebbe | 34 | - fail_function |
4b1a29a7 MH |
35 | |
36 | injects error return on specific functions, which are marked by | |
37 | ALLOW_ERROR_INJECTION() macro, by setting debugfs entries | |
38 | under /sys/kernel/debug/fail_function. No boot option supported. | |
39 | ||
10ffebbe | 40 | - NVMe fault injection |
cf4182f3 TT |
41 | |
42 | inject NVMe status code and retry flag on devices permitted by setting | |
43 | debugfs entries under /sys/kernel/debug/nvme*/fault_inject. The default | |
44 | status code is NVME_SC_INVALID_OPCODE with no retry. The status code and | |
45 | retry flag can be set via the debugfs. | |
46 | ||
47 | ||
de1ba09b AM |
48 | Configure fault-injection capabilities behavior |
49 | ----------------------------------------------- | |
50 | ||
10ffebbe MCC |
51 | debugfs entries |
52 | ^^^^^^^^^^^^^^^ | |
de1ba09b AM |
53 | |
54 | fault-inject-debugfs kernel module provides some debugfs entries for runtime | |
55 | configuration of fault-injection capabilities. | |
56 | ||
156f5a78 | 57 | - /sys/kernel/debug/fail*/probability: |
de1ba09b AM |
58 | |
59 | likelihood of failure injection, in percent. | |
10ffebbe | 60 | |
de1ba09b AM |
61 | Format: <percent> |
62 | ||
5d0ffa2b DM |
63 | Note that one-failure-per-hundred is a very high error rate |
64 | for some testcases. Consider setting probability=100 and configure | |
156f5a78 | 65 | /sys/kernel/debug/fail*/interval for such testcases. |
de1ba09b | 66 | |
156f5a78 | 67 | - /sys/kernel/debug/fail*/interval: |
de1ba09b AM |
68 | |
69 | specifies the interval between failures, for calls to | |
70 | should_fail() that pass all the other tests. | |
71 | ||
72 | Note that if you enable this, by setting interval>1, you will | |
73 | probably want to set probability=100. | |
74 | ||
156f5a78 | 75 | - /sys/kernel/debug/fail*/times: |
de1ba09b AM |
76 | |
77 | specifies how many times failures may happen at most. | |
78 | A value of -1 means "no limit". | |
79 | ||
156f5a78 | 80 | - /sys/kernel/debug/fail*/space: |
de1ba09b AM |
81 | |
82 | specifies an initial resource "budget", decremented by "size" | |
83 | on each call to should_fail(,size). Failure injection is | |
84 | suppressed until "space" reaches zero. | |
85 | ||
156f5a78 | 86 | - /sys/kernel/debug/fail*/verbose |
de1ba09b AM |
87 | |
88 | Format: { 0 | 1 | 2 } | |
10ffebbe | 89 | |
5d0ffa2b DM |
90 | specifies the verbosity of the messages when failure is |
91 | injected. '0' means no messages; '1' will print only a single | |
92 | log line per failure; '2' will print a call trace too -- useful | |
93 | to debug the problems revealed by fault injection. | |
de1ba09b | 94 | |
156f5a78 | 95 | - /sys/kernel/debug/fail*/task-filter: |
de1ba09b | 96 | |
5d0ffa2b | 97 | Format: { 'Y' | 'N' } |
10ffebbe | 98 | |
5d0ffa2b | 99 | A value of 'N' disables filtering by process (default). |
de1ba09b AM |
100 | Any positive value limits failures to only processes indicated by |
101 | /proc/<pid>/make-it-fail==1. | |
102 | ||
10ffebbe MCC |
103 | - /sys/kernel/debug/fail*/require-start, |
104 | /sys/kernel/debug/fail*/require-end, | |
105 | /sys/kernel/debug/fail*/reject-start, | |
106 | /sys/kernel/debug/fail*/reject-end: | |
de1ba09b AM |
107 | |
108 | specifies the range of virtual addresses tested during | |
109 | stacktrace walking. Failure is injected only if some caller | |
329409ae AM |
110 | in the walked stacktrace lies within the required range, and |
111 | none lies within the rejected range. | |
112 | Default required range is [0,ULONG_MAX) (whole of virtual address space). | |
113 | Default rejected range is [0,0). | |
de1ba09b | 114 | |
156f5a78 | 115 | - /sys/kernel/debug/fail*/stacktrace-depth: |
de1ba09b AM |
116 | |
117 | specifies the maximum stacktrace depth walked during search | |
5d0ffa2b DM |
118 | for a caller within [require-start,require-end) OR |
119 | [reject-start,reject-end). | |
de1ba09b | 120 | |
156f5a78 | 121 | - /sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem: |
de1ba09b | 122 | |
5d0ffa2b | 123 | Format: { 'Y' | 'N' } |
10ffebbe | 124 | |
5d0ffa2b | 125 | default is 'N', setting it to 'Y' won't inject failures into |
de1ba09b AM |
126 | highmem/user allocations. |
127 | ||
156f5a78 GL |
128 | - /sys/kernel/debug/failslab/ignore-gfp-wait: |
129 | - /sys/kernel/debug/fail_page_alloc/ignore-gfp-wait: | |
de1ba09b | 130 | |
5d0ffa2b | 131 | Format: { 'Y' | 'N' } |
10ffebbe | 132 | |
5d0ffa2b | 133 | default is 'N', setting it to 'Y' will inject failures |
de1ba09b AM |
134 | only into non-sleep allocations (GFP_ATOMIC allocations). |
135 | ||
156f5a78 | 136 | - /sys/kernel/debug/fail_page_alloc/min-order: |
54114994 AM |
137 | |
138 | specifies the minimum page allocation order to be injected | |
139 | failures. | |
140 | ||
ab51fbab DB |
141 | - /sys/kernel/debug/fail_futex/ignore-private: |
142 | ||
143 | Format: { 'Y' | 'N' } | |
10ffebbe | 144 | |
ab51fbab DB |
145 | default is 'N', setting it to 'Y' will disable failure injections |
146 | when dealing with private (address space) futexes. | |
147 | ||
4b1a29a7 MH |
148 | - /sys/kernel/debug/fail_function/inject: |
149 | ||
150 | Format: { 'function-name' | '!function-name' | '' } | |
10ffebbe | 151 | |
4b1a29a7 MH |
152 | specifies the target function of error injection by name. |
153 | If the function name leads '!' prefix, given function is | |
154 | removed from injection list. If nothing specified ('') | |
155 | injection list is cleared. | |
156 | ||
157 | - /sys/kernel/debug/fail_function/injectable: | |
158 | ||
159 | (read only) shows error injectable functions and what type of | |
160 | error values can be specified. The error type will be one of | |
161 | below; | |
162 | - NULL: retval must be 0. | |
163 | - ERRNO: retval must be -1 to -MAX_ERRNO (-4096). | |
164 | - ERR_NULL: retval must be 0 or -1 to -MAX_ERRNO (-4096). | |
165 | ||
166 | - /sys/kernel/debug/fail_function/<functiuon-name>/retval: | |
167 | ||
168 | specifies the "error" return value to inject to the given | |
169 | function for given function. This will be created when | |
170 | user specifies new injection entry. | |
171 | ||
10ffebbe MCC |
172 | Boot option |
173 | ^^^^^^^^^^^ | |
de1ba09b AM |
174 | |
175 | In order to inject faults while debugfs is not available (early boot time), | |
10ffebbe | 176 | use the boot option:: |
de1ba09b AM |
177 | |
178 | failslab= | |
179 | fail_page_alloc= | |
1e4cb22b | 180 | fail_make_request= |
ab51fbab | 181 | fail_futex= |
199e3f4b | 182 | mmc_core.fail_request=<interval>,<probability>,<space>,<times> |
de1ba09b | 183 | |
10ffebbe MCC |
184 | proc entries |
185 | ^^^^^^^^^^^^ | |
e41d5818 | 186 | |
10ffebbe MCC |
187 | - /proc/<pid>/fail-nth, |
188 | /proc/self/task/<tid>/fail-nth: | |
e41d5818 | 189 | |
9049f2f6 | 190 | Write to this file of integer N makes N-th call in the task fail. |
bfc74093 AM |
191 | Read from this file returns a integer value. A value of '0' indicates |
192 | that the fault setup with a previous write to this file was injected. | |
193 | A positive integer N indicates that the fault wasn't yet injected. | |
e41d5818 DV |
194 | Note that this file enables all types of faults (slab, futex, etc). |
195 | This setting takes precedence over all other generic debugfs settings | |
196 | like probability, interval, times, etc. But per-capability settings | |
197 | (e.g. fail_futex/ignore-private) take precedence over it. | |
198 | ||
199 | This feature is intended for systematic testing of faults in a single | |
200 | system call. See an example below. | |
201 | ||
de1ba09b AM |
202 | How to add new fault injection capability |
203 | ----------------------------------------- | |
204 | ||
10ffebbe | 205 | - #include <linux/fault-inject.h> |
de1ba09b | 206 | |
10ffebbe | 207 | - define the fault attributes |
de1ba09b | 208 | |
2d87948a | 209 | DECLARE_FAULT_ATTR(name); |
de1ba09b AM |
210 | |
211 | Please see the definition of struct fault_attr in fault-inject.h | |
212 | for details. | |
213 | ||
10ffebbe | 214 | - provide a way to configure fault attributes |
de1ba09b AM |
215 | |
216 | - boot option | |
217 | ||
218 | If you need to enable the fault injection capability from boot time, you can | |
5d0ffa2b | 219 | provide boot option to configure it. There is a helper function for it: |
de1ba09b | 220 | |
5d0ffa2b | 221 | setup_fault_attr(attr, str); |
de1ba09b AM |
222 | |
223 | - debugfs entries | |
224 | ||
225 | failslab, fail_page_alloc, and fail_make_request use this way. | |
5d0ffa2b | 226 | Helper functions: |
de1ba09b | 227 | |
dd48c085 | 228 | fault_create_debugfs_attr(name, parent, attr); |
de1ba09b AM |
229 | |
230 | - module parameters | |
231 | ||
232 | If the scope of the fault injection capability is limited to a | |
233 | single kernel module, it is better to provide module parameters to | |
234 | configure the fault attributes. | |
235 | ||
10ffebbe | 236 | - add a hook to insert failures |
de1ba09b | 237 | |
10ffebbe | 238 | Upon should_fail() returning true, client code should inject a failure: |
de1ba09b | 239 | |
5d0ffa2b | 240 | should_fail(attr, size); |
de1ba09b AM |
241 | |
242 | Application Examples | |
243 | -------------------- | |
244 | ||
10ffebbe | 245 | - Inject slab allocation failures into module init/exit code:: |
de1ba09b | 246 | |
10ffebbe | 247 | #!/bin/bash |
de1ba09b | 248 | |
10ffebbe MCC |
249 | FAILTYPE=failslab |
250 | echo Y > /sys/kernel/debug/$FAILTYPE/task-filter | |
251 | echo 10 > /sys/kernel/debug/$FAILTYPE/probability | |
252 | echo 100 > /sys/kernel/debug/$FAILTYPE/interval | |
253 | echo -1 > /sys/kernel/debug/$FAILTYPE/times | |
254 | echo 0 > /sys/kernel/debug/$FAILTYPE/space | |
255 | echo 2 > /sys/kernel/debug/$FAILTYPE/verbose | |
256 | echo 1 > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait | |
de1ba09b | 257 | |
10ffebbe MCC |
258 | faulty_system() |
259 | { | |
18584870 | 260 | bash -c "echo 1 > /proc/self/make-it-fail && exec $*" |
10ffebbe | 261 | } |
de1ba09b | 262 | |
10ffebbe MCC |
263 | if [ $# -eq 0 ] |
264 | then | |
18584870 AM |
265 | echo "Usage: $0 modulename [ modulename ... ]" |
266 | exit 1 | |
10ffebbe | 267 | fi |
18584870 | 268 | |
10ffebbe MCC |
269 | for m in $* |
270 | do | |
18584870 AM |
271 | echo inserting $m... |
272 | faulty_system modprobe $m | |
de1ba09b | 273 | |
18584870 AM |
274 | echo removing $m... |
275 | faulty_system modprobe -r $m | |
10ffebbe | 276 | done |
de1ba09b AM |
277 | |
278 | ------------------------------------------------------------------------------ | |
279 | ||
10ffebbe | 280 | - Inject page allocation failures only for a specific module:: |
de1ba09b | 281 | |
10ffebbe | 282 | #!/bin/bash |
de1ba09b | 283 | |
10ffebbe MCC |
284 | FAILTYPE=fail_page_alloc |
285 | module=$1 | |
de1ba09b | 286 | |
10ffebbe MCC |
287 | if [ -z $module ] |
288 | then | |
18584870 AM |
289 | echo "Usage: $0 <modulename>" |
290 | exit 1 | |
10ffebbe | 291 | fi |
de1ba09b | 292 | |
10ffebbe | 293 | modprobe $module |
de1ba09b | 294 | |
10ffebbe MCC |
295 | if [ ! -d /sys/module/$module/sections ] |
296 | then | |
18584870 AM |
297 | echo Module $module is not loaded |
298 | exit 1 | |
10ffebbe | 299 | fi |
18584870 | 300 | |
10ffebbe MCC |
301 | cat /sys/module/$module/sections/.text > /sys/kernel/debug/$FAILTYPE/require-start |
302 | cat /sys/module/$module/sections/.data > /sys/kernel/debug/$FAILTYPE/require-end | |
18584870 | 303 | |
10ffebbe MCC |
304 | echo N > /sys/kernel/debug/$FAILTYPE/task-filter |
305 | echo 10 > /sys/kernel/debug/$FAILTYPE/probability | |
306 | echo 100 > /sys/kernel/debug/$FAILTYPE/interval | |
307 | echo -1 > /sys/kernel/debug/$FAILTYPE/times | |
308 | echo 0 > /sys/kernel/debug/$FAILTYPE/space | |
309 | echo 2 > /sys/kernel/debug/$FAILTYPE/verbose | |
310 | echo 1 > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait | |
311 | echo 1 > /sys/kernel/debug/$FAILTYPE/ignore-gfp-highmem | |
312 | echo 10 > /sys/kernel/debug/$FAILTYPE/stacktrace-depth | |
18584870 | 313 | |
10ffebbe | 314 | trap "echo 0 > /sys/kernel/debug/$FAILTYPE/probability" SIGINT SIGTERM EXIT |
18584870 | 315 | |
10ffebbe MCC |
316 | echo "Injecting errors into the module $module... (interrupt to stop)" |
317 | sleep 1000000 | |
de1ba09b | 318 | |
4b1a29a7 MH |
319 | ------------------------------------------------------------------------------ |
320 | ||
10ffebbe MCC |
321 | - Inject open_ctree error while btrfs mount:: |
322 | ||
323 | #!/bin/bash | |
324 | ||
325 | rm -f testfile.img | |
326 | dd if=/dev/zero of=testfile.img bs=1M seek=1000 count=1 | |
327 | DEVICE=$(losetup --show -f testfile.img) | |
328 | mkfs.btrfs -f $DEVICE | |
329 | mkdir -p tmpmnt | |
330 | ||
331 | FAILTYPE=fail_function | |
332 | FAILFUNC=open_ctree | |
333 | echo $FAILFUNC > /sys/kernel/debug/$FAILTYPE/inject | |
334 | echo -12 > /sys/kernel/debug/$FAILTYPE/$FAILFUNC/retval | |
335 | echo N > /sys/kernel/debug/$FAILTYPE/task-filter | |
336 | echo 100 > /sys/kernel/debug/$FAILTYPE/probability | |
337 | echo 0 > /sys/kernel/debug/$FAILTYPE/interval | |
338 | echo -1 > /sys/kernel/debug/$FAILTYPE/times | |
339 | echo 0 > /sys/kernel/debug/$FAILTYPE/space | |
340 | echo 1 > /sys/kernel/debug/$FAILTYPE/verbose | |
341 | ||
342 | mount -t btrfs $DEVICE tmpmnt | |
343 | if [ $? -ne 0 ] | |
344 | then | |
4b1a29a7 | 345 | echo "SUCCESS!" |
10ffebbe | 346 | else |
4b1a29a7 MH |
347 | echo "FAILED!" |
348 | umount tmpmnt | |
10ffebbe | 349 | fi |
4b1a29a7 | 350 | |
10ffebbe | 351 | echo > /sys/kernel/debug/$FAILTYPE/inject |
4b1a29a7 | 352 | |
10ffebbe MCC |
353 | rmdir tmpmnt |
354 | losetup -d $DEVICE | |
355 | rm testfile.img | |
4b1a29a7 MH |
356 | |
357 | ||
c24aa64d AM |
358 | Tool to run command with failslab or fail_page_alloc |
359 | ---------------------------------------------------- | |
360 | In order to make it easier to accomplish the tasks mentioned above, we can use | |
361 | tools/testing/fault-injection/failcmd.sh. Please run a command | |
362 | "./tools/testing/fault-injection/failcmd.sh --help" for more information and | |
363 | see the following examples. | |
364 | ||
365 | Examples: | |
366 | ||
367 | Run a command "make -C tools/testing/selftests/ run_tests" with injecting slab | |
10ffebbe | 368 | allocation failure:: |
c24aa64d AM |
369 | |
370 | # ./tools/testing/fault-injection/failcmd.sh \ | |
371 | -- make -C tools/testing/selftests/ run_tests | |
372 | ||
373 | Same as above except to specify 100 times failures at most instead of one time | |
10ffebbe | 374 | at most by default:: |
c24aa64d AM |
375 | |
376 | # ./tools/testing/fault-injection/failcmd.sh --times=100 \ | |
377 | -- make -C tools/testing/selftests/ run_tests | |
378 | ||
379 | Same as above except to inject page allocation failure instead of slab | |
10ffebbe | 380 | allocation failure:: |
c24aa64d AM |
381 | |
382 | # env FAILCMD_TYPE=fail_page_alloc \ | |
383 | ./tools/testing/fault-injection/failcmd.sh --times=100 \ | |
10ffebbe | 384 | -- make -C tools/testing/selftests/ run_tests |
e41d5818 DV |
385 | |
386 | Systematic faults using fail-nth | |
387 | --------------------------------- | |
388 | ||
389 | The following code systematically faults 0-th, 1-st, 2-nd and so on | |
10ffebbe MCC |
390 | capabilities in the socketpair() system call:: |
391 | ||
392 | #include <sys/types.h> | |
393 | #include <sys/stat.h> | |
394 | #include <sys/socket.h> | |
395 | #include <sys/syscall.h> | |
396 | #include <fcntl.h> | |
397 | #include <unistd.h> | |
398 | #include <string.h> | |
399 | #include <stdlib.h> | |
400 | #include <stdio.h> | |
401 | #include <errno.h> | |
402 | ||
403 | int main() | |
404 | { | |
e41d5818 DV |
405 | int i, err, res, fail_nth, fds[2]; |
406 | char buf[128]; | |
407 | ||
408 | system("echo N > /sys/kernel/debug/failslab/ignore-gfp-wait"); | |
409 | sprintf(buf, "/proc/self/task/%ld/fail-nth", syscall(SYS_gettid)); | |
410 | fail_nth = open(buf, O_RDWR); | |
9049f2f6 | 411 | for (i = 1;; i++) { |
e41d5818 DV |
412 | sprintf(buf, "%d", i); |
413 | write(fail_nth, buf, strlen(buf)); | |
414 | res = socketpair(AF_LOCAL, SOCK_STREAM, 0, fds); | |
415 | err = errno; | |
bfc74093 | 416 | pread(fail_nth, buf, sizeof(buf), 0); |
e41d5818 DV |
417 | if (res == 0) { |
418 | close(fds[0]); | |
419 | close(fds[1]); | |
420 | } | |
bfc74093 AM |
421 | printf("%d-th fault %c: res=%d/%d\n", i, atoi(buf) ? 'N' : 'Y', |
422 | res, err); | |
423 | if (atoi(buf)) | |
e41d5818 DV |
424 | break; |
425 | } | |
426 | return 0; | |
10ffebbe MCC |
427 | } |
428 | ||
429 | An example output:: | |
430 | ||
431 | 1-th fault Y: res=-1/23 | |
432 | 2-th fault Y: res=-1/23 | |
433 | 3-th fault Y: res=-1/12 | |
434 | 4-th fault Y: res=-1/12 | |
435 | 5-th fault Y: res=-1/23 | |
436 | 6-th fault Y: res=-1/23 | |
437 | 7-th fault Y: res=-1/23 | |
438 | 8-th fault Y: res=-1/12 | |
439 | 9-th fault Y: res=-1/12 | |
440 | 10-th fault Y: res=-1/12 | |
441 | 11-th fault Y: res=-1/12 | |
442 | 12-th fault Y: res=-1/12 | |
443 | 13-th fault Y: res=-1/12 | |
444 | 14-th fault Y: res=-1/12 | |
445 | 15-th fault Y: res=-1/12 | |
446 | 16-th fault N: res=0/12 |