1 ===========================================
2 Fault injection capabilities infrastructure
3 ===========================================
5 See also drivers/md/md-faulty.c and "every_nth" module option for scsi_debug.
8 Available fault injection capabilities
9 --------------------------------------
13 injects slab allocation failures. (kmalloc(), kmem_cache_alloc(), ...)
17 injects page allocation failures. (alloc_pages(), get_free_pages(), ...)
21 injects failures in user memory access functions. (copy_from_user(), get_user(), ...)
25 injects futex deadlock and uaddr fault errors.
29 injects kernel RPC client and server failures.
33 injects disk IO errors on devices permitted by setting
34 /sys/block/<device>/make-it-fail or
35 /sys/block/<device>/<partition>/make-it-fail. (submit_bio_noacct())
39 injects MMC data errors on devices permitted by setting
40 debugfs entries under /sys/kernel/debug/mmc0/fail_mmc_request
44 injects error return on specific functions, which are marked by
45 ALLOW_ERROR_INJECTION() macro, by setting debugfs entries
46 under /sys/kernel/debug/fail_function. No boot option supported.
48 - NVMe fault injection
50 inject NVMe status code and retry flag on devices permitted by setting
51 debugfs entries under /sys/kernel/debug/nvme*/fault_inject. The default
52 status code is NVME_SC_INVALID_OPCODE with no retry. The status code and
53 retry flag can be set via the debugfs.
56 Configure fault-injection capabilities behavior
57 -----------------------------------------------
62 fault-inject-debugfs kernel module provides some debugfs entries for runtime
63 configuration of fault-injection capabilities.
65 - /sys/kernel/debug/fail*/probability:
67 likelihood of failure injection, in percent.
71 Note that one-failure-per-hundred is a very high error rate
72 for some testcases. Consider setting probability=100 and configure
73 /sys/kernel/debug/fail*/interval for such testcases.
75 - /sys/kernel/debug/fail*/interval:
77 specifies the interval between failures, for calls to
78 should_fail() that pass all the other tests.
80 Note that if you enable this, by setting interval>1, you will
81 probably want to set probability=100.
83 - /sys/kernel/debug/fail*/times:
85 specifies how many times failures may happen at most. A value of -1
86 means "no limit". Note, though, that this file only accepts unsigned
87 values. So, if you want to specify -1, you better use 'printf' instead
88 of 'echo', e.g.: $ printf %#x -1 > times
90 - /sys/kernel/debug/fail*/space:
92 specifies an initial resource "budget", decremented by "size"
93 on each call to should_fail(,size). Failure injection is
94 suppressed until "space" reaches zero.
96 - /sys/kernel/debug/fail*/verbose
100 specifies the verbosity of the messages when failure is
101 injected. '0' means no messages; '1' will print only a single
102 log line per failure; '2' will print a call trace too -- useful
103 to debug the problems revealed by fault injection.
105 - /sys/kernel/debug/fail*/task-filter:
107 Format: { 'Y' | 'N' }
109 A value of 'N' disables filtering by process (default).
110 Any positive value limits failures to only processes indicated by
111 /proc/<pid>/make-it-fail==1.
113 - /sys/kernel/debug/fail*/require-start,
114 /sys/kernel/debug/fail*/require-end,
115 /sys/kernel/debug/fail*/reject-start,
116 /sys/kernel/debug/fail*/reject-end:
118 specifies the range of virtual addresses tested during
119 stacktrace walking. Failure is injected only if some caller
120 in the walked stacktrace lies within the required range, and
121 none lies within the rejected range.
122 Default required range is [0,ULONG_MAX) (whole of virtual address space).
123 Default rejected range is [0,0).
125 - /sys/kernel/debug/fail*/stacktrace-depth:
127 specifies the maximum stacktrace depth walked during search
128 for a caller within [require-start,require-end) OR
129 [reject-start,reject-end).
131 - /sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem:
133 Format: { 'Y' | 'N' }
135 default is 'Y', setting it to 'N' will also inject failures into
136 highmem/user allocations (__GFP_HIGHMEM allocations).
138 - /sys/kernel/debug/failslab/ignore-gfp-wait:
139 - /sys/kernel/debug/fail_page_alloc/ignore-gfp-wait:
141 Format: { 'Y' | 'N' }
143 default is 'Y', setting it to 'N' will also inject failures
144 into allocations that can sleep (__GFP_DIRECT_RECLAIM allocations).
146 - /sys/kernel/debug/fail_page_alloc/min-order:
148 specifies the minimum page allocation order to be injected
151 - /sys/kernel/debug/fail_futex/ignore-private:
153 Format: { 'Y' | 'N' }
155 default is 'N', setting it to 'Y' will disable failure injections
156 when dealing with private (address space) futexes.
158 - /sys/kernel/debug/fail_sunrpc/ignore-client-disconnect:
160 Format: { 'Y' | 'N' }
162 default is 'N', setting it to 'Y' will disable disconnect
163 injection on the RPC client.
165 - /sys/kernel/debug/fail_sunrpc/ignore-server-disconnect:
167 Format: { 'Y' | 'N' }
169 default is 'N', setting it to 'Y' will disable disconnect
170 injection on the RPC server.
172 - /sys/kernel/debug/fail_sunrpc/ignore-cache-wait:
174 Format: { 'Y' | 'N' }
176 default is 'N', setting it to 'Y' will disable cache wait
177 injection on the RPC server.
179 - /sys/kernel/debug/fail_function/inject:
181 Format: { 'function-name' | '!function-name' | '' }
183 specifies the target function of error injection by name.
184 If the function name leads '!' prefix, given function is
185 removed from injection list. If nothing specified ('')
186 injection list is cleared.
188 - /sys/kernel/debug/fail_function/injectable:
190 (read only) shows error injectable functions and what type of
191 error values can be specified. The error type will be one of
193 - NULL: retval must be 0.
194 - ERRNO: retval must be -1 to -MAX_ERRNO (-4096).
195 - ERR_NULL: retval must be 0 or -1 to -MAX_ERRNO (-4096).
197 - /sys/kernel/debug/fail_function/<function-name>/retval:
199 specifies the "error" return value to inject to the given function.
200 This will be created when the user specifies a new injection entry.
201 Note that this file only accepts unsigned values. So, if you want to
202 use a negative errno, you better use 'printf' instead of 'echo', e.g.:
203 $ printf %#x -12 > retval
208 In order to inject faults while debugfs is not available (early boot time),
209 use the boot option::
216 mmc_core.fail_request=<interval>,<probability>,<space>,<times>
221 - /proc/<pid>/fail-nth,
222 /proc/self/task/<tid>/fail-nth:
224 Write to this file of integer N makes N-th call in the task fail.
225 Read from this file returns a integer value. A value of '0' indicates
226 that the fault setup with a previous write to this file was injected.
227 A positive integer N indicates that the fault wasn't yet injected.
228 Note that this file enables all types of faults (slab, futex, etc).
229 This setting takes precedence over all other generic debugfs settings
230 like probability, interval, times, etc. But per-capability settings
231 (e.g. fail_futex/ignore-private) take precedence over it.
233 This feature is intended for systematic testing of faults in a single
234 system call. See an example below.
236 How to add new fault injection capability
237 -----------------------------------------
239 - #include <linux/fault-inject.h>
241 - define the fault attributes
243 DECLARE_FAULT_ATTR(name);
245 Please see the definition of struct fault_attr in fault-inject.h
248 - provide a way to configure fault attributes
252 If you need to enable the fault injection capability from boot time, you can
253 provide boot option to configure it. There is a helper function for it:
255 setup_fault_attr(attr, str);
259 failslab, fail_page_alloc, fail_usercopy, and fail_make_request use this way.
262 fault_create_debugfs_attr(name, parent, attr);
266 If the scope of the fault injection capability is limited to a
267 single kernel module, it is better to provide module parameters to
268 configure the fault attributes.
270 - add a hook to insert failures
272 Upon should_fail() returning true, client code should inject a failure:
274 should_fail(attr, size);
279 - Inject slab allocation failures into module init/exit code::
284 echo Y > /sys/kernel/debug/$FAILTYPE/task-filter
285 echo 10 > /sys/kernel/debug/$FAILTYPE/probability
286 echo 100 > /sys/kernel/debug/$FAILTYPE/interval
287 printf %#x -1 > /sys/kernel/debug/$FAILTYPE/times
288 echo 0 > /sys/kernel/debug/$FAILTYPE/space
289 echo 2 > /sys/kernel/debug/$FAILTYPE/verbose
290 echo Y > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait
294 bash -c "echo 1 > /proc/self/make-it-fail && exec $*"
299 echo "Usage: $0 modulename [ modulename ... ]"
306 faulty_system modprobe $m
309 faulty_system modprobe -r $m
312 ------------------------------------------------------------------------------
314 - Inject page allocation failures only for a specific module::
318 FAILTYPE=fail_page_alloc
323 echo "Usage: $0 <modulename>"
329 if [ ! -d /sys/module/$module/sections ]
331 echo Module $module is not loaded
335 cat /sys/module/$module/sections/.text > /sys/kernel/debug/$FAILTYPE/require-start
336 cat /sys/module/$module/sections/.data > /sys/kernel/debug/$FAILTYPE/require-end
338 echo N > /sys/kernel/debug/$FAILTYPE/task-filter
339 echo 10 > /sys/kernel/debug/$FAILTYPE/probability
340 echo 100 > /sys/kernel/debug/$FAILTYPE/interval
341 printf %#x -1 > /sys/kernel/debug/$FAILTYPE/times
342 echo 0 > /sys/kernel/debug/$FAILTYPE/space
343 echo 2 > /sys/kernel/debug/$FAILTYPE/verbose
344 echo Y > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait
345 echo Y > /sys/kernel/debug/$FAILTYPE/ignore-gfp-highmem
346 echo 10 > /sys/kernel/debug/$FAILTYPE/stacktrace-depth
348 trap "echo 0 > /sys/kernel/debug/$FAILTYPE/probability" SIGINT SIGTERM EXIT
350 echo "Injecting errors into the module $module... (interrupt to stop)"
353 ------------------------------------------------------------------------------
355 - Inject open_ctree error while btrfs mount::
360 dd if=/dev/zero of=testfile.img bs=1M seek=1000 count=1
361 DEVICE=$(losetup --show -f testfile.img)
362 mkfs.btrfs -f $DEVICE
365 FAILTYPE=fail_function
367 echo $FAILFUNC > /sys/kernel/debug/$FAILTYPE/inject
368 printf %#x -12 > /sys/kernel/debug/$FAILTYPE/$FAILFUNC/retval
369 echo N > /sys/kernel/debug/$FAILTYPE/task-filter
370 echo 100 > /sys/kernel/debug/$FAILTYPE/probability
371 echo 0 > /sys/kernel/debug/$FAILTYPE/interval
372 printf %#x -1 > /sys/kernel/debug/$FAILTYPE/times
373 echo 0 > /sys/kernel/debug/$FAILTYPE/space
374 echo 1 > /sys/kernel/debug/$FAILTYPE/verbose
376 mount -t btrfs $DEVICE tmpmnt
385 echo > /sys/kernel/debug/$FAILTYPE/inject
392 Tool to run command with failslab or fail_page_alloc
393 ----------------------------------------------------
394 In order to make it easier to accomplish the tasks mentioned above, we can use
395 tools/testing/fault-injection/failcmd.sh. Please run a command
396 "./tools/testing/fault-injection/failcmd.sh --help" for more information and
397 see the following examples.
401 Run a command "make -C tools/testing/selftests/ run_tests" with injecting slab
404 # ./tools/testing/fault-injection/failcmd.sh \
405 -- make -C tools/testing/selftests/ run_tests
407 Same as above except to specify 100 times failures at most instead of one time
410 # ./tools/testing/fault-injection/failcmd.sh --times=100 \
411 -- make -C tools/testing/selftests/ run_tests
413 Same as above except to inject page allocation failure instead of slab
416 # env FAILCMD_TYPE=fail_page_alloc \
417 ./tools/testing/fault-injection/failcmd.sh --times=100 \
418 -- make -C tools/testing/selftests/ run_tests
420 Systematic faults using fail-nth
421 ---------------------------------
423 The following code systematically faults 0-th, 1-st, 2-nd and so on
424 capabilities in the socketpair() system call::
426 #include <sys/types.h>
427 #include <sys/stat.h>
428 #include <sys/socket.h>
429 #include <sys/syscall.h>
439 int i, err, res, fail_nth, fds[2];
442 system("echo N > /sys/kernel/debug/failslab/ignore-gfp-wait");
443 sprintf(buf, "/proc/self/task/%ld/fail-nth", syscall(SYS_gettid));
444 fail_nth = open(buf, O_RDWR);
446 sprintf(buf, "%d", i);
447 write(fail_nth, buf, strlen(buf));
448 res = socketpair(AF_LOCAL, SOCK_STREAM, 0, fds);
450 pread(fail_nth, buf, sizeof(buf), 0);
455 printf("%d-th fault %c: res=%d/%d\n", i, atoi(buf) ? 'N' : 'Y',
465 1-th fault Y: res=-1/23
466 2-th fault Y: res=-1/23
467 3-th fault Y: res=-1/12
468 4-th fault Y: res=-1/12
469 5-th fault Y: res=-1/23
470 6-th fault Y: res=-1/23
471 7-th fault Y: res=-1/23
472 8-th fault Y: res=-1/12
473 9-th fault Y: res=-1/12
474 10-th fault Y: res=-1/12
475 11-th fault Y: res=-1/12
476 12-th fault Y: res=-1/12
477 13-th fault Y: res=-1/12
478 14-th fault Y: res=-1/12
479 15-th fault Y: res=-1/12
480 16-th fault N: res=0/12