[linux-block.git] / Documentation / fault-injection / fault-injection.rst

===========================================
Fault injection capabilities infrastructure
===========================================

See also drivers/md/md-faulty.c and "every_nth" module option for scsi_debug.


Available fault injection capabilities
--------------------------------------

- failslab

  injects slab allocation failures. (kmalloc(), kmem_cache_alloc(), ...)

- fail_page_alloc

  injects page allocation failures. (alloc_pages(), get_free_pages(), ...)

- fail_usercopy

  injects failures in user memory access functions. (copy_from_user(), get_user(), ...)

- fail_futex

  injects futex deadlock and uaddr fault errors.

- fail_sunrpc

  injects kernel RPC client and server failures.

- fail_make_request

  injects disk IO errors on devices permitted by setting
  /sys/block/<device>/make-it-fail or
  /sys/block/<device>/<partition>/make-it-fail. (submit_bio_noacct())

- fail_mmc_request

  injects MMC data errors on devices permitted by setting
  debugfs entries under /sys/kernel/debug/mmc0/fail_mmc_request

- fail_function

  injects error return on specific functions, which are marked by
  ALLOW_ERROR_INJECTION() macro, by setting debugfs entries
  under /sys/kernel/debug/fail_function. No boot option supported.

- NVMe fault injection

  inject NVMe status code and retry flag on devices permitted by setting
  debugfs entries under /sys/kernel/debug/nvme*/fault_inject. The default
  status code is NVME_SC_INVALID_OPCODE with no retry. The status code and
  retry flag can be set via the debugfs.


Configure fault-injection capabilities behavior
-----------------------------------------------

debugfs entries
^^^^^^^^^^^^^^^

fault-inject-debugfs kernel module provides some debugfs entries for runtime
configuration of fault-injection capabilities.

- /sys/kernel/debug/fail*/probability:

	likelihood of failure injection, in percent.

	Format: <percent>

	Note that one-failure-per-hundred is a very high error rate
	for some testcases.  Consider setting probability=100 and configure
	/sys/kernel/debug/fail*/interval for such testcases.

- /sys/kernel/debug/fail*/interval:

	specifies the interval between failures, for calls to
	should_fail() that pass all the other tests.

	Note that if you enable this, by setting interval>1, you will
	probably want to set probability=100.

- /sys/kernel/debug/fail*/times:

	specifies how many times failures may happen at most. A value of -1
	means "no limit". Note, though, that this file only accepts unsigned
	values. So, if you want to specify -1, you better use 'printf' instead
	of 'echo', e.g.: $ printf %#x -1 > times

- /sys/kernel/debug/fail*/space:

	specifies an initial resource "budget", decremented by "size"
	on each call to should_fail(,size).  Failure injection is
	suppressed until "space" reaches zero.

- /sys/kernel/debug/fail*/verbose

	Format: { 0 | 1 | 2 }

	specifies the verbosity of the messages when failure is
	injected.  '0' means no messages; '1' will print only a single
	log line per failure; '2' will print a call trace too -- useful
	to debug the problems revealed by fault injection.

- /sys/kernel/debug/fail*/task-filter:

	Format: { 'Y' | 'N' }

	A value of 'N' disables filtering by process (default).
	Any positive value limits failures to only processes indicated by
	/proc/<pid>/make-it-fail==1.

- /sys/kernel/debug/fail*/require-start,
  /sys/kernel/debug/fail*/require-end,
  /sys/kernel/debug/fail*/reject-start,
  /sys/kernel/debug/fail*/reject-end:

	specifies the range of virtual addresses tested during
	stacktrace walking.  Failure is injected only if some caller
	in the walked stacktrace lies within the required range, and
	none lies within the rejected range.
	Default required range is [0,ULONG_MAX) (whole of virtual address space).
	Default rejected range is [0,0).

- /sys/kernel/debug/fail*/stacktrace-depth:

	specifies the maximum stacktrace depth walked during search
	for a caller within [require-start,require-end) OR
	[reject-start,reject-end).

- /sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem:

	Format: { 'Y' | 'N' }

	default is 'Y', setting it to 'N' will also inject failures into
	highmem/user allocations (__GFP_HIGHMEM allocations).

- /sys/kernel/debug/failslab/ignore-gfp-wait:
- /sys/kernel/debug/fail_page_alloc/ignore-gfp-wait:

	Format: { 'Y' | 'N' }

	default is 'Y', setting it to 'N' will also inject failures
	into allocations that can sleep (__GFP_DIRECT_RECLAIM allocations).

- /sys/kernel/debug/fail_page_alloc/min-order:

	specifies the minimum page allocation order to be injected
	failures.

- /sys/kernel/debug/fail_futex/ignore-private:

	Format: { 'Y' | 'N' }

	default is 'N', setting it to 'Y' will disable failure injections
	when dealing with private (address space) futexes.

- /sys/kernel/debug/fail_sunrpc/ignore-client-disconnect:

	Format: { 'Y' | 'N' }

	default is 'N', setting it to 'Y' will disable disconnect
	injection on the RPC client.

- /sys/kernel/debug/fail_sunrpc/ignore-server-disconnect:

	Format: { 'Y' | 'N' }

	default is 'N', setting it to 'Y' will disable disconnect
	injection on the RPC server.

- /sys/kernel/debug/fail_sunrpc/ignore-cache-wait:

	Format: { 'Y' | 'N' }

	default is 'N', setting it to 'Y' will disable cache wait
	injection on the RPC server.

- /sys/kernel/debug/fail_function/inject:

	Format: { 'function-name' | '!function-name' | '' }

	specifies the target function of error injection by name.
	If the function name leads '!' prefix, given function is
	removed from injection list. If nothing specified ('')
	injection list is cleared.

- /sys/kernel/debug/fail_function/injectable:

	(read only) shows error injectable functions and what type of
	error values can be specified. The error type will be one of
	below;
	- NULL:	retval must be 0.
	- ERRNO: retval must be -1 to -MAX_ERRNO (-4096).
	- ERR_NULL: retval must be 0 or -1 to -MAX_ERRNO (-4096).

- /sys/kernel/debug/fail_function/<function-name>/retval:

	specifies the "error" return value to inject to the given function.
	This will be created when the user specifies a new injection entry.
	Note that this file only accepts unsigned values. So, if you want to
	use a negative errno, you better use 'printf' instead of 'echo', e.g.:
	$ printf %#x -12 > retval

Boot option
^^^^^^^^^^^

In order to inject faults while debugfs is not available (early boot time),
use the boot option::

	failslab=
	fail_page_alloc=
	fail_usercopy=
	fail_make_request=
	fail_futex=
	mmc_core.fail_request=<interval>,<probability>,<space>,<times>

proc entries
^^^^^^^^^^^^

- /proc/<pid>/fail-nth,
  /proc/self/task/<tid>/fail-nth:

	Write to this file of integer N makes N-th call in the task fail.
	Read from this file returns a integer value. A value of '0' indicates
	that the fault setup with a previous write to this file was injected.
	A positive integer N indicates that the fault wasn't yet injected.
	Note that this file enables all types of faults (slab, futex, etc).
	This setting takes precedence over all other generic debugfs settings
	like probability, interval, times, etc. But per-capability settings
	(e.g. fail_futex/ignore-private) take precedence over it.

	This feature is intended for systematic testing of faults in a single
	system call. See an example below.

How to add new fault injection capability
-----------------------------------------

- #include <linux/fault-inject.h>

- define the fault attributes

  DECLARE_FAULT_ATTR(name);

  Please see the definition of struct fault_attr in fault-inject.h
  for details.

- provide a way to configure fault attributes

- boot option

  If you need to enable the fault injection capability from boot time, you can
  provide boot option to configure it. There is a helper function for it:

	setup_fault_attr(attr, str);

- debugfs entries

  failslab, fail_page_alloc, fail_usercopy, and fail_make_request use this way.
  Helper functions:

	fault_create_debugfs_attr(name, parent, attr);

- module parameters

  If the scope of the fault injection capability is limited to a
  single kernel module, it is better to provide module parameters to
  configure the fault attributes.

- add a hook to insert failures

  Upon should_fail() returning true, client code should inject a failure:

	should_fail(attr, size);

Application Examples
--------------------

- Inject slab allocation failures into module init/exit code::

    #!/bin/bash

    FAILTYPE=failslab
    echo Y > /sys/kernel/debug/$FAILTYPE/task-filter
    echo 10 > /sys/kernel/debug/$FAILTYPE/probability
    echo 100 > /sys/kernel/debug/$FAILTYPE/interval
    printf %#x -1 > /sys/kernel/debug/$FAILTYPE/times
    echo 0 > /sys/kernel/debug/$FAILTYPE/space
    echo 2 > /sys/kernel/debug/$FAILTYPE/verbose
    echo Y > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait

    faulty_system()
    {
	bash -c "echo 1 > /proc/self/make-it-fail && exec $*"
    }

    if [ $# -eq 0 ]
    then
	echo "Usage: $0 modulename [ modulename ... ]"
	exit 1
    fi

    for m in $*
    do
	echo inserting $m...
	faulty_system modprobe $m

	echo removing $m...
	faulty_system modprobe -r $m
    done

------------------------------------------------------------------------------

- Inject page allocation failures only for a specific module::

    #!/bin/bash

    FAILTYPE=fail_page_alloc
    module=$1

    if [ -z $module ]
    then
	echo "Usage: $0 <modulename>"
	exit 1
    fi

    modprobe $module

    if [ ! -d /sys/module/$module/sections ]
    then
	echo Module $module is not loaded
	exit 1
    fi

    cat /sys/module/$module/sections/.text > /sys/kernel/debug/$FAILTYPE/require-start
    cat /sys/module/$module/sections/.data > /sys/kernel/debug/$FAILTYPE/require-end

    echo N > /sys/kernel/debug/$FAILTYPE/task-filter
    echo 10 > /sys/kernel/debug/$FAILTYPE/probability
    echo 100 > /sys/kernel/debug/$FAILTYPE/interval
    printf %#x -1 > /sys/kernel/debug/$FAILTYPE/times
    echo 0 > /sys/kernel/debug/$FAILTYPE/space
    echo 2 > /sys/kernel/debug/$FAILTYPE/verbose
    echo Y > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait
    echo Y > /sys/kernel/debug/$FAILTYPE/ignore-gfp-highmem
    echo 10 > /sys/kernel/debug/$FAILTYPE/stacktrace-depth

    trap "echo 0 > /sys/kernel/debug/$FAILTYPE/probability" SIGINT SIGTERM EXIT

    echo "Injecting errors into the module $module... (interrupt to stop)"
    sleep 1000000

------------------------------------------------------------------------------

- Inject open_ctree error while btrfs mount::

    #!/bin/bash

    rm -f testfile.img
    dd if=/dev/zero of=testfile.img bs=1M seek=1000 count=1
    DEVICE=$(losetup --show -f testfile.img)
    mkfs.btrfs -f $DEVICE
    mkdir -p tmpmnt

    FAILTYPE=fail_function
    FAILFUNC=open_ctree
    echo $FAILFUNC > /sys/kernel/debug/$FAILTYPE/inject
    printf %#x -12 > /sys/kernel/debug/$FAILTYPE/$FAILFUNC/retval
    echo N > /sys/kernel/debug/$FAILTYPE/task-filter
    echo 100 > /sys/kernel/debug/$FAILTYPE/probability
    echo 0 > /sys/kernel/debug/$FAILTYPE/interval
    printf %#x -1 > /sys/kernel/debug/$FAILTYPE/times
    echo 0 > /sys/kernel/debug/$FAILTYPE/space
    echo 1 > /sys/kernel/debug/$FAILTYPE/verbose

    mount -t btrfs $DEVICE tmpmnt
    if [ $? -ne 0 ]
    then
	echo "SUCCESS!"
    else
	echo "FAILED!"
	umount tmpmnt
    fi

    echo > /sys/kernel/debug/$FAILTYPE/inject

    rmdir tmpmnt
    losetup -d $DEVICE
    rm testfile.img


Tool to run command with failslab or fail_page_alloc
----------------------------------------------------
In order to make it easier to accomplish the tasks mentioned above, we can use
tools/testing/fault-injection/failcmd.sh.  Please run a command
"./tools/testing/fault-injection/failcmd.sh --help" for more information and
see the following examples.

Examples:

Run a command "make -C tools/testing/selftests/ run_tests" with injecting slab
allocation failure::

	# ./tools/testing/fault-injection/failcmd.sh \
		-- make -C tools/testing/selftests/ run_tests

Same as above except to specify 100 times failures at most instead of one time
at most by default::

	# ./tools/testing/fault-injection/failcmd.sh --times=100 \
		-- make -C tools/testing/selftests/ run_tests

Same as above except to inject page allocation failure instead of slab
allocation failure::

	# env FAILCMD_TYPE=fail_page_alloc \
		./tools/testing/fault-injection/failcmd.sh --times=100 \
		-- make -C tools/testing/selftests/ run_tests

Systematic faults using fail-nth
---------------------------------

The following code systematically faults 0-th, 1-st, 2-nd and so on
capabilities in the socketpair() system call::

  #include <sys/types.h>
  #include <sys/stat.h>
  #include <sys/socket.h>
  #include <sys/syscall.h>
  #include <fcntl.h>
  #include <unistd.h>
  #include <string.h>
  #include <stdlib.h>
  #include <stdio.h>
  #include <errno.h>

  int main()
  {
	int i, err, res, fail_nth, fds[2];
	char buf[128];

	system("echo N > /sys/kernel/debug/failslab/ignore-gfp-wait");
	sprintf(buf, "/proc/self/task/%ld/fail-nth", syscall(SYS_gettid));
	fail_nth = open(buf, O_RDWR);
	for (i = 1;; i++) {
		sprintf(buf, "%d", i);
		write(fail_nth, buf, strlen(buf));
		res = socketpair(AF_LOCAL, SOCK_STREAM, 0, fds);
		err = errno;
		pread(fail_nth, buf, sizeof(buf), 0);
		if (res == 0) {
			close(fds[0]);
			close(fds[1]);
		}
		printf("%d-th fault %c: res=%d/%d\n", i, atoi(buf) ? 'N' : 'Y',
			res, err);
		if (atoi(buf))
			break;
	}
	return 0;
  }

An example output::

	1-th fault Y: res=-1/23
	2-th fault Y: res=-1/23
	3-th fault Y: res=-1/12
	4-th fault Y: res=-1/12
	5-th fault Y: res=-1/23
	6-th fault Y: res=-1/23
	7-th fault Y: res=-1/23
	8-th fault Y: res=-1/12
	9-th fault Y: res=-1/12
	10-th fault Y: res=-1/12
	11-th fault Y: res=-1/12
	12-th fault Y: res=-1/12
	13-th fault Y: res=-1/12
	14-th fault Y: res=-1/12
	15-th fault Y: res=-1/12
	16-th fault N: res=0/12
Commit	Line	Data
10ffebbe	1	===========================================
de1ba09b AM	2	Fault injection capabilities infrastructure
	3	===========================================
	4
1892ce4c	5	See also drivers/md/md-faulty.c and "every_nth" module option for scsi_debug.
de1ba09b AM	6
	7
	8	Available fault injection capabilities
	9	--------------------------------------
	10
10ffebbe	11	- failslab
de1ba09b AM	12
	13	injects slab allocation failures. (kmalloc(), kmem_cache_alloc(), ...)
	14
10ffebbe	15	- fail_page_alloc
de1ba09b AM	16
	17	injects page allocation failures. (alloc_pages(), get_free_pages(), ...)
	18
2c739ced AL	19	- fail_usercopy
	20
	21	injects failures in user memory access functions. (copy_from_user(), get_user(), ...)
	22
10ffebbe	23	- fail_futex
ab51fbab DB	24
	25	injects futex deadlock and uaddr fault errors.
	26
400edd8c CL	27	- fail_sunrpc
	28
	29	injects kernel RPC client and server failures.
	30
10ffebbe	31	- fail_make_request
de1ba09b	32
5d0ffa2b	33	injects disk IO errors on devices permitted by setting
de1ba09b	34	/sys/block/<device>/make-it-fail or
ed00aabd	35	/sys/block/<device>/<partition>/make-it-fail. (submit_bio_noacct())
de1ba09b	36
10ffebbe	37	- fail_mmc_request
1e4cb22b PF	38
	39	injects MMC data errors on devices permitted by setting
	40	debugfs entries under /sys/kernel/debug/mmc0/fail_mmc_request
	41
10ffebbe	42	- fail_function
4b1a29a7 MH	43
	44	injects error return on specific functions, which are marked by
	45	ALLOW_ERROR_INJECTION() macro, by setting debugfs entries
	46	under /sys/kernel/debug/fail_function. No boot option supported.
	47
10ffebbe	48	- NVMe fault injection
cf4182f3 TT	49
	50	inject NVMe status code and retry flag on devices permitted by setting
	51	debugfs entries under /sys/kernel/debug/nvme*/fault_inject. The default
	52	status code is NVME_SC_INVALID_OPCODE with no retry. The status code and
	53	retry flag can be set via the debugfs.
	54
	55
de1ba09b AM	56	Configure fault-injection capabilities behavior
	57	-----------------------------------------------
	58
10ffebbe MCC	59	debugfs entries
10ffebbe MCC	60	^^^^^^^^^^^^^^^
de1ba09b AM	61
	62	fault-inject-debugfs kernel module provides some debugfs entries for runtime
	63	configuration of fault-injection capabilities.
	64
156f5a78	65	- /sys/kernel/debug/fail*/probability:
de1ba09b AM	66
de1ba09b AM	67	likelihood of failure injection, in percent.
10ffebbe	68
de1ba09b AM	69	Format: <percent>
de1ba09b AM	70
5d0ffa2b DM	71	Note that one-failure-per-hundred is a very high error rate
5d0ffa2b DM	72	for some testcases. Consider setting probability=100 and configure
156f5a78	73	/sys/kernel/debug/fail*/interval for such testcases.
de1ba09b	74
156f5a78	75	- /sys/kernel/debug/fail*/interval:
de1ba09b AM	76
	77	specifies the interval between failures, for calls to
	78	should_fail() that pass all the other tests.
	79
	80	Note that if you enable this, by setting interval>1, you will
	81	probably want to set probability=100.
	82
156f5a78	83	- /sys/kernel/debug/fail*/times:
de1ba09b	84
00574752 WS	85	specifies how many times failures may happen at most. A value of -1
	86	means "no limit". Note, though, that this file only accepts unsigned
	87	values. So, if you want to specify -1, you better use 'printf' instead
	88	of 'echo', e.g.: $ printf %#x -1 > times
de1ba09b	89
156f5a78	90	- /sys/kernel/debug/fail*/space:
de1ba09b AM	91
	92	specifies an initial resource "budget", decremented by "size"
	93	on each call to should_fail(,size). Failure injection is
	94	suppressed until "space" reaches zero.
	95
156f5a78	96	- /sys/kernel/debug/fail*/verbose
de1ba09b AM	97
de1ba09b AM	98	Format: { 0 \| 1 \| 2 }
10ffebbe	99
5d0ffa2b DM	100	specifies the verbosity of the messages when failure is
	101	injected. '0' means no messages; '1' will print only a single
	102	log line per failure; '2' will print a call trace too -- useful
	103	to debug the problems revealed by fault injection.
de1ba09b	104
156f5a78	105	- /sys/kernel/debug/fail*/task-filter:
de1ba09b	106
5d0ffa2b	107	Format: { 'Y' \| 'N' }
10ffebbe	108
5d0ffa2b	109	A value of 'N' disables filtering by process (default).
de1ba09b AM	110	Any positive value limits failures to only processes indicated by
	111	/proc/<pid>/make-it-fail==1.
	112
10ffebbe MCC	113	- /sys/kernel/debug/fail*/require-start,
	114	/sys/kernel/debug/fail*/require-end,
	115	/sys/kernel/debug/fail*/reject-start,
	116	/sys/kernel/debug/fail*/reject-end:
de1ba09b AM	117
	118	specifies the range of virtual addresses tested during
	119	stacktrace walking. Failure is injected only if some caller
329409ae AM	120	in the walked stacktrace lies within the required range, and
	121	none lies within the rejected range.
	122	Default required range is [0,ULONG_MAX) (whole of virtual address space).
	123	Default rejected range is [0,0).
de1ba09b	124
156f5a78	125	- /sys/kernel/debug/fail*/stacktrace-depth:
de1ba09b AM	126
de1ba09b AM	127	specifies the maximum stacktrace depth walked during search
5d0ffa2b DM	128	for a caller within [require-start,require-end) OR
5d0ffa2b DM	129	[reject-start,reject-end).
de1ba09b	130
156f5a78	131	- /sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem:
de1ba09b	132
5d0ffa2b	133	Format: { 'Y' \| 'N' }
10ffebbe	134
bad3fbb2 DY	135	default is 'Y', setting it to 'N' will also inject failures into
bad3fbb2 DY	136	highmem/user allocations (__GFP_HIGHMEM allocations).
de1ba09b	137
156f5a78 GL	138	- /sys/kernel/debug/failslab/ignore-gfp-wait:
156f5a78 GL	139	- /sys/kernel/debug/fail_page_alloc/ignore-gfp-wait:
de1ba09b	140
5d0ffa2b	141	Format: { 'Y' \| 'N' }
10ffebbe	142
bad3fbb2 DY	143	default is 'Y', setting it to 'N' will also inject failures
bad3fbb2 DY	144	into allocations that can sleep (__GFP_DIRECT_RECLAIM allocations).
de1ba09b	145
156f5a78	146	- /sys/kernel/debug/fail_page_alloc/min-order:
54114994 AM	147
	148	specifies the minimum page allocation order to be injected
	149	failures.
	150
ab51fbab DB	151	- /sys/kernel/debug/fail_futex/ignore-private:
	152
	153	Format: { 'Y' \| 'N' }
10ffebbe	154
ab51fbab DB	155	default is 'N', setting it to 'Y' will disable failure injections
	156	when dealing with private (address space) futexes.
	157
400edd8c CL	158	- /sys/kernel/debug/fail_sunrpc/ignore-client-disconnect:
	159
	160	Format: { 'Y' \| 'N' }
	161
	162	default is 'N', setting it to 'Y' will disable disconnect
	163	injection on the RPC client.
	164
	165	- /sys/kernel/debug/fail_sunrpc/ignore-server-disconnect:
	166
	167	Format: { 'Y' \| 'N' }
	168
	169	default is 'N', setting it to 'Y' will disable disconnect
	170	injection on the RPC server.
	171
36f2ef2d CL	172	- /sys/kernel/debug/fail_sunrpc/ignore-cache-wait:
	173
	174	Format: { 'Y' \| 'N' }
	175
	176	default is 'N', setting it to 'Y' will disable cache wait
	177	injection on the RPC server.
	178
4b1a29a7 MH	179	- /sys/kernel/debug/fail_function/inject:
	180
	181	Format: { 'function-name' \| '!function-name' \| '' }
10ffebbe	182
4b1a29a7 MH	183	specifies the target function of error injection by name.
	184	If the function name leads '!' prefix, given function is
	185	removed from injection list. If nothing specified ('')
	186	injection list is cleared.
	187
	188	- /sys/kernel/debug/fail_function/injectable:
	189
	190	(read only) shows error injectable functions and what type of
	191	error values can be specified. The error type will be one of
	192	below;
	193	- NULL: retval must be 0.
	194	- ERRNO: retval must be -1 to -MAX_ERRNO (-4096).
	195	- ERR_NULL: retval must be 0 or -1 to -MAX_ERRNO (-4096).
	196
00574752	197	- /sys/kernel/debug/fail_function/<function-name>/retval:
4b1a29a7	198
00574752 WS	199	specifies the "error" return value to inject to the given function.
	200	This will be created when the user specifies a new injection entry.
	201	Note that this file only accepts unsigned values. So, if you want to
	202	use a negative errno, you better use 'printf' instead of 'echo', e.g.:
	203	$ printf %#x -12 > retval
4b1a29a7	204
10ffebbe MCC	205	Boot option
10ffebbe MCC	206	^^^^^^^^^^^
de1ba09b AM	207
de1ba09b AM	208	In order to inject faults while debugfs is not available (early boot time),
10ffebbe	209	use the boot option::
de1ba09b AM	210
	211	failslab=
	212	fail_page_alloc=
2c739ced	213	fail_usercopy=
1e4cb22b	214	fail_make_request=
ab51fbab	215	fail_futex=
199e3f4b	216	mmc_core.fail_request=<interval>,<probability>,<space>,<times>
de1ba09b	217
10ffebbe MCC	218	proc entries
10ffebbe MCC	219	^^^^^^^^^^^^
e41d5818	220
10ffebbe MCC	221	- /proc/<pid>/fail-nth,
10ffebbe MCC	222	/proc/self/task/<tid>/fail-nth:
e41d5818	223
9049f2f6	224	Write to this file of integer N makes N-th call in the task fail.
bfc74093 AM	225	Read from this file returns a integer value. A value of '0' indicates
	226	that the fault setup with a previous write to this file was injected.
	227	A positive integer N indicates that the fault wasn't yet injected.
e41d5818 DV	228	Note that this file enables all types of faults (slab, futex, etc).
	229	This setting takes precedence over all other generic debugfs settings
	230	like probability, interval, times, etc. But per-capability settings
	231	(e.g. fail_futex/ignore-private) take precedence over it.
	232
	233	This feature is intended for systematic testing of faults in a single
	234	system call. See an example below.
	235
de1ba09b AM	236	How to add new fault injection capability
	237	-----------------------------------------
	238
10ffebbe	239	- #include <linux/fault-inject.h>
de1ba09b	240
10ffebbe	241	- define the fault attributes
de1ba09b	242
2d87948a	243	DECLARE_FAULT_ATTR(name);
de1ba09b AM	244
	245	Please see the definition of struct fault_attr in fault-inject.h
	246	for details.
	247
10ffebbe	248	- provide a way to configure fault attributes
de1ba09b AM	249
	250	- boot option
	251
	252	If you need to enable the fault injection capability from boot time, you can
5d0ffa2b	253	provide boot option to configure it. There is a helper function for it:
de1ba09b	254
5d0ffa2b	255	setup_fault_attr(attr, str);
de1ba09b AM	256
	257	- debugfs entries
	258
2c739ced	259	failslab, fail_page_alloc, fail_usercopy, and fail_make_request use this way.
5d0ffa2b	260	Helper functions:
de1ba09b	261
dd48c085	262	fault_create_debugfs_attr(name, parent, attr);
de1ba09b AM	263
	264	- module parameters
	265
	266	If the scope of the fault injection capability is limited to a
	267	single kernel module, it is better to provide module parameters to
	268	configure the fault attributes.
	269
10ffebbe	270	- add a hook to insert failures
de1ba09b	271
10ffebbe	272	Upon should_fail() returning true, client code should inject a failure:
de1ba09b	273
5d0ffa2b	274	should_fail(attr, size);
de1ba09b AM	275
	276	Application Examples
	277	--------------------
	278
10ffebbe	279	- Inject slab allocation failures into module init/exit code::
de1ba09b	280
10ffebbe	281	#!/bin/bash
de1ba09b	282
10ffebbe MCC	283	FAILTYPE=failslab
	284	echo Y > /sys/kernel/debug/$FAILTYPE/task-filter
	285	echo 10 > /sys/kernel/debug/$FAILTYPE/probability
	286	echo 100 > /sys/kernel/debug/$FAILTYPE/interval
00574752	287	printf %#x -1 > /sys/kernel/debug/$FAILTYPE/times
10ffebbe MCC	288	echo 0 > /sys/kernel/debug/$FAILTYPE/space
10ffebbe MCC	289	echo 2 > /sys/kernel/debug/$FAILTYPE/verbose
bad3fbb2	290	echo Y > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait
de1ba09b	291
10ffebbe MCC	292	faulty_system()
10ffebbe MCC	293	{
18584870	294	bash -c "echo 1 > /proc/self/make-it-fail && exec $*"
10ffebbe	295	}
de1ba09b	296
10ffebbe MCC	297	if [ $# -eq 0 ]
10ffebbe MCC	298	then
18584870 AM	299	echo "Usage: $0 modulename [ modulename ... ]"
18584870 AM	300	exit 1
10ffebbe	301	fi
18584870	302
10ffebbe MCC	303	for m in $*
10ffebbe MCC	304	do
18584870 AM	305	echo inserting $m...
18584870 AM	306	faulty_system modprobe $m
de1ba09b	307
18584870 AM	308	echo removing $m...
18584870 AM	309	faulty_system modprobe -r $m
10ffebbe	310	done
de1ba09b AM	311
	312	------------------------------------------------------------------------------
	313
10ffebbe	314	- Inject page allocation failures only for a specific module::
de1ba09b	315
10ffebbe	316	#!/bin/bash
de1ba09b	317
10ffebbe MCC	318	FAILTYPE=fail_page_alloc
10ffebbe MCC	319	module=$1
de1ba09b	320
10ffebbe MCC	321	if [ -z $module ]
10ffebbe MCC	322	then
18584870 AM	323	echo "Usage: $0 <modulename>"
18584870 AM	324	exit 1
10ffebbe	325	fi
de1ba09b	326
10ffebbe	327	modprobe $module
de1ba09b	328
10ffebbe MCC	329	if [ ! -d /sys/module/$module/sections ]
10ffebbe MCC	330	then
18584870 AM	331	echo Module $module is not loaded
18584870 AM	332	exit 1
10ffebbe	333	fi
18584870	334
10ffebbe MCC	335	cat /sys/module/$module/sections/.text > /sys/kernel/debug/$FAILTYPE/require-start
10ffebbe MCC	336	cat /sys/module/$module/sections/.data > /sys/kernel/debug/$FAILTYPE/require-end
18584870	337
10ffebbe MCC	338	echo N > /sys/kernel/debug/$FAILTYPE/task-filter
	339	echo 10 > /sys/kernel/debug/$FAILTYPE/probability
	340	echo 100 > /sys/kernel/debug/$FAILTYPE/interval
00574752	341	printf %#x -1 > /sys/kernel/debug/$FAILTYPE/times
10ffebbe MCC	342	echo 0 > /sys/kernel/debug/$FAILTYPE/space
10ffebbe MCC	343	echo 2 > /sys/kernel/debug/$FAILTYPE/verbose
bad3fbb2 DY	344	echo Y > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait
bad3fbb2 DY	345	echo Y > /sys/kernel/debug/$FAILTYPE/ignore-gfp-highmem
10ffebbe	346	echo 10 > /sys/kernel/debug/$FAILTYPE/stacktrace-depth
18584870	347
10ffebbe	348	trap "echo 0 > /sys/kernel/debug/$FAILTYPE/probability" SIGINT SIGTERM EXIT
18584870	349
10ffebbe MCC	350	echo "Injecting errors into the module $module... (interrupt to stop)"
10ffebbe MCC	351	sleep 1000000
de1ba09b	352
4b1a29a7 MH	353	------------------------------------------------------------------------------
4b1a29a7 MH	354
10ffebbe MCC	355	- Inject open_ctree error while btrfs mount::
	356
	357	#!/bin/bash
	358
	359	rm -f testfile.img
	360	dd if=/dev/zero of=testfile.img bs=1M seek=1000 count=1
	361	DEVICE=$(losetup --show -f testfile.img)
	362	mkfs.btrfs -f $DEVICE
	363	mkdir -p tmpmnt
	364
	365	FAILTYPE=fail_function
	366	FAILFUNC=open_ctree
	367	echo $FAILFUNC > /sys/kernel/debug/$FAILTYPE/inject
00574752	368	printf %#x -12 > /sys/kernel/debug/$FAILTYPE/$FAILFUNC/retval
10ffebbe MCC	369	echo N > /sys/kernel/debug/$FAILTYPE/task-filter
	370	echo 100 > /sys/kernel/debug/$FAILTYPE/probability
	371	echo 0 > /sys/kernel/debug/$FAILTYPE/interval
00574752	372	printf %#x -1 > /sys/kernel/debug/$FAILTYPE/times
10ffebbe MCC	373	echo 0 > /sys/kernel/debug/$FAILTYPE/space
	374	echo 1 > /sys/kernel/debug/$FAILTYPE/verbose
	375
	376	mount -t btrfs $DEVICE tmpmnt
	377	if [ $? -ne 0 ]
	378	then
4b1a29a7	379	echo "SUCCESS!"
10ffebbe	380	else
4b1a29a7 MH	381	echo "FAILED!"
4b1a29a7 MH	382	umount tmpmnt
10ffebbe	383	fi
4b1a29a7	384
10ffebbe	385	echo > /sys/kernel/debug/$FAILTYPE/inject
4b1a29a7	386
10ffebbe MCC	387	rmdir tmpmnt
	388	losetup -d $DEVICE
	389	rm testfile.img
4b1a29a7 MH	390
4b1a29a7 MH	391
c24aa64d AM	392	Tool to run command with failslab or fail_page_alloc
	393	----------------------------------------------------
	394	In order to make it easier to accomplish the tasks mentioned above, we can use
	395	tools/testing/fault-injection/failcmd.sh. Please run a command
	396	"./tools/testing/fault-injection/failcmd.sh --help" for more information and
	397	see the following examples.
	398
	399	Examples:
	400
	401	Run a command "make -C tools/testing/selftests/ run_tests" with injecting slab
10ffebbe	402	allocation failure::
c24aa64d AM	403
	404	# ./tools/testing/fault-injection/failcmd.sh \
	405	-- make -C tools/testing/selftests/ run_tests
	406
	407	Same as above except to specify 100 times failures at most instead of one time
10ffebbe	408	at most by default::
c24aa64d AM	409
	410	# ./tools/testing/fault-injection/failcmd.sh --times=100 \
	411	-- make -C tools/testing/selftests/ run_tests
	412
	413	Same as above except to inject page allocation failure instead of slab
10ffebbe	414	allocation failure::
c24aa64d AM	415
	416	# env FAILCMD_TYPE=fail_page_alloc \
	417	./tools/testing/fault-injection/failcmd.sh --times=100 \
10ffebbe	418	-- make -C tools/testing/selftests/ run_tests
e41d5818 DV	419
	420	Systematic faults using fail-nth
	421	---------------------------------
	422
	423	The following code systematically faults 0-th, 1-st, 2-nd and so on
10ffebbe MCC	424	capabilities in the socketpair() system call::
	425
	426	#include <sys/types.h>
	427	#include <sys/stat.h>
	428	#include <sys/socket.h>
	429	#include <sys/syscall.h>
	430	#include <fcntl.h>
	431	#include <unistd.h>
	432	#include <string.h>
	433	#include <stdlib.h>
	434	#include <stdio.h>
	435	#include <errno.h>
	436
	437	int main()
	438	{
e41d5818 DV	439	int i, err, res, fail_nth, fds[2];
	440	char buf[128];
	441
	442	system("echo N > /sys/kernel/debug/failslab/ignore-gfp-wait");
	443	sprintf(buf, "/proc/self/task/%ld/fail-nth", syscall(SYS_gettid));
	444	fail_nth = open(buf, O_RDWR);
9049f2f6	445	for (i = 1;; i++) {
e41d5818 DV	446	sprintf(buf, "%d", i);
	447	write(fail_nth, buf, strlen(buf));
	448	res = socketpair(AF_LOCAL, SOCK_STREAM, 0, fds);
	449	err = errno;
bfc74093	450	pread(fail_nth, buf, sizeof(buf), 0);
e41d5818 DV	451	if (res == 0) {
	452	close(fds[0]);
	453	close(fds[1]);
	454	}
bfc74093 AM	455	printf("%d-th fault %c: res=%d/%d\n", i, atoi(buf) ? 'N' : 'Y',
	456	res, err);
	457	if (atoi(buf))
e41d5818 DV	458	break;
	459	}
	460	return 0;
10ffebbe MCC	461	}
	462
	463	An example output::
	464
	465	1-th fault Y: res=-1/23
	466	2-th fault Y: res=-1/23
	467	3-th fault Y: res=-1/12
	468	4-th fault Y: res=-1/12
	469	5-th fault Y: res=-1/23
	470	6-th fault Y: res=-1/23
	471	7-th fault Y: res=-1/23
	472	8-th fault Y: res=-1/12
	473	9-th fault Y: res=-1/12
	474	10-th fault Y: res=-1/12
	475	11-th fault Y: res=-1/12
	476	12-th fault Y: res=-1/12
	477	13-th fault Y: res=-1/12
	478	14-th fault Y: res=-1/12
	479	15-th fault Y: res=-1/12
	480	16-th fault N: res=0/12