1 ===========================================
2 Fault injection capabilities infrastructure
3 ===========================================
5 See also drivers/md/md-faulty.c and "every_nth" module option for scsi_debug.
8 Available fault injection capabilities
9 --------------------------------------
13 injects slab allocation failures. (kmalloc(), kmem_cache_alloc(), ...)
17 injects page allocation failures. (alloc_pages(), get_free_pages(), ...)
21 injects futex deadlock and uaddr fault errors.
25 injects disk IO errors on devices permitted by setting
26 /sys/block/<device>/make-it-fail or
27 /sys/block/<device>/<partition>/make-it-fail. (generic_make_request())
31 injects MMC data errors on devices permitted by setting
32 debugfs entries under /sys/kernel/debug/mmc0/fail_mmc_request
36 injects error return on specific functions, which are marked by
37 ALLOW_ERROR_INJECTION() macro, by setting debugfs entries
38 under /sys/kernel/debug/fail_function. No boot option supported.
40 - NVMe fault injection
42 inject NVMe status code and retry flag on devices permitted by setting
43 debugfs entries under /sys/kernel/debug/nvme*/fault_inject. The default
44 status code is NVME_SC_INVALID_OPCODE with no retry. The status code and
45 retry flag can be set via the debugfs.
48 Configure fault-injection capabilities behavior
49 -----------------------------------------------
54 fault-inject-debugfs kernel module provides some debugfs entries for runtime
55 configuration of fault-injection capabilities.
57 - /sys/kernel/debug/fail*/probability:
59 likelihood of failure injection, in percent.
63 Note that one-failure-per-hundred is a very high error rate
64 for some testcases. Consider setting probability=100 and configure
65 /sys/kernel/debug/fail*/interval for such testcases.
67 - /sys/kernel/debug/fail*/interval:
69 specifies the interval between failures, for calls to
70 should_fail() that pass all the other tests.
72 Note that if you enable this, by setting interval>1, you will
73 probably want to set probability=100.
75 - /sys/kernel/debug/fail*/times:
77 specifies how many times failures may happen at most. A value of -1
80 - /sys/kernel/debug/fail*/space:
82 specifies an initial resource "budget", decremented by "size"
83 on each call to should_fail(,size). Failure injection is
84 suppressed until "space" reaches zero.
86 - /sys/kernel/debug/fail*/verbose
90 specifies the verbosity of the messages when failure is
91 injected. '0' means no messages; '1' will print only a single
92 log line per failure; '2' will print a call trace too -- useful
93 to debug the problems revealed by fault injection.
95 - /sys/kernel/debug/fail*/task-filter:
99 A value of 'N' disables filtering by process (default).
100 Any positive value limits failures to only processes indicated by
101 /proc/<pid>/make-it-fail==1.
103 - /sys/kernel/debug/fail*/require-start,
104 /sys/kernel/debug/fail*/require-end,
105 /sys/kernel/debug/fail*/reject-start,
106 /sys/kernel/debug/fail*/reject-end:
108 specifies the range of virtual addresses tested during
109 stacktrace walking. Failure is injected only if some caller
110 in the walked stacktrace lies within the required range, and
111 none lies within the rejected range.
112 Default required range is [0,ULONG_MAX) (whole of virtual address space).
113 Default rejected range is [0,0).
115 - /sys/kernel/debug/fail*/stacktrace-depth:
117 specifies the maximum stacktrace depth walked during search
118 for a caller within [require-start,require-end) OR
119 [reject-start,reject-end).
121 - /sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem:
123 Format: { 'Y' | 'N' }
125 default is 'N', setting it to 'Y' won't inject failures into
126 highmem/user allocations.
128 - /sys/kernel/debug/failslab/ignore-gfp-wait:
129 - /sys/kernel/debug/fail_page_alloc/ignore-gfp-wait:
131 Format: { 'Y' | 'N' }
133 default is 'N', setting it to 'Y' will inject failures
134 only into non-sleep allocations (GFP_ATOMIC allocations).
136 - /sys/kernel/debug/fail_page_alloc/min-order:
138 specifies the minimum page allocation order to be injected
141 - /sys/kernel/debug/fail_futex/ignore-private:
143 Format: { 'Y' | 'N' }
145 default is 'N', setting it to 'Y' will disable failure injections
146 when dealing with private (address space) futexes.
148 - /sys/kernel/debug/fail_function/inject:
150 Format: { 'function-name' | '!function-name' | '' }
152 specifies the target function of error injection by name.
153 If the function name leads '!' prefix, given function is
154 removed from injection list. If nothing specified ('')
155 injection list is cleared.
157 - /sys/kernel/debug/fail_function/injectable:
159 (read only) shows error injectable functions and what type of
160 error values can be specified. The error type will be one of
162 - NULL: retval must be 0.
163 - ERRNO: retval must be -1 to -MAX_ERRNO (-4096).
164 - ERR_NULL: retval must be 0 or -1 to -MAX_ERRNO (-4096).
166 - /sys/kernel/debug/fail_function/<function-name>/retval:
168 specifies the "error" return value to inject to the given function.
169 This will be created when the user specifies a new injection entry.
170 Note that this file only accepts unsigned values. So, if you want to
171 use a negative errno, you better use 'printf' instead of 'echo', e.g.:
172 $ printf %#x -12 > retval
177 In order to inject faults while debugfs is not available (early boot time),
178 use the boot option::
184 mmc_core.fail_request=<interval>,<probability>,<space>,<times>
189 - /proc/<pid>/fail-nth,
190 /proc/self/task/<tid>/fail-nth:
192 Write to this file of integer N makes N-th call in the task fail.
193 Read from this file returns a integer value. A value of '0' indicates
194 that the fault setup with a previous write to this file was injected.
195 A positive integer N indicates that the fault wasn't yet injected.
196 Note that this file enables all types of faults (slab, futex, etc).
197 This setting takes precedence over all other generic debugfs settings
198 like probability, interval, times, etc. But per-capability settings
199 (e.g. fail_futex/ignore-private) take precedence over it.
201 This feature is intended for systematic testing of faults in a single
202 system call. See an example below.
204 How to add new fault injection capability
205 -----------------------------------------
207 - #include <linux/fault-inject.h>
209 - define the fault attributes
211 DECLARE_FAULT_ATTR(name);
213 Please see the definition of struct fault_attr in fault-inject.h
216 - provide a way to configure fault attributes
220 If you need to enable the fault injection capability from boot time, you can
221 provide boot option to configure it. There is a helper function for it:
223 setup_fault_attr(attr, str);
227 failslab, fail_page_alloc, and fail_make_request use this way.
230 fault_create_debugfs_attr(name, parent, attr);
234 If the scope of the fault injection capability is limited to a
235 single kernel module, it is better to provide module parameters to
236 configure the fault attributes.
238 - add a hook to insert failures
240 Upon should_fail() returning true, client code should inject a failure:
242 should_fail(attr, size);
247 - Inject slab allocation failures into module init/exit code::
252 echo Y > /sys/kernel/debug/$FAILTYPE/task-filter
253 echo 10 > /sys/kernel/debug/$FAILTYPE/probability
254 echo 100 > /sys/kernel/debug/$FAILTYPE/interval
255 echo -1 > /sys/kernel/debug/$FAILTYPE/times
256 echo 0 > /sys/kernel/debug/$FAILTYPE/space
257 echo 2 > /sys/kernel/debug/$FAILTYPE/verbose
258 echo 1 > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait
262 bash -c "echo 1 > /proc/self/make-it-fail && exec $*"
267 echo "Usage: $0 modulename [ modulename ... ]"
274 faulty_system modprobe $m
277 faulty_system modprobe -r $m
280 ------------------------------------------------------------------------------
282 - Inject page allocation failures only for a specific module::
286 FAILTYPE=fail_page_alloc
291 echo "Usage: $0 <modulename>"
297 if [ ! -d /sys/module/$module/sections ]
299 echo Module $module is not loaded
303 cat /sys/module/$module/sections/.text > /sys/kernel/debug/$FAILTYPE/require-start
304 cat /sys/module/$module/sections/.data > /sys/kernel/debug/$FAILTYPE/require-end
306 echo N > /sys/kernel/debug/$FAILTYPE/task-filter
307 echo 10 > /sys/kernel/debug/$FAILTYPE/probability
308 echo 100 > /sys/kernel/debug/$FAILTYPE/interval
309 echo -1 > /sys/kernel/debug/$FAILTYPE/times
310 echo 0 > /sys/kernel/debug/$FAILTYPE/space
311 echo 2 > /sys/kernel/debug/$FAILTYPE/verbose
312 echo 1 > /sys/kernel/debug/$FAILTYPE/ignore-gfp-wait
313 echo 1 > /sys/kernel/debug/$FAILTYPE/ignore-gfp-highmem
314 echo 10 > /sys/kernel/debug/$FAILTYPE/stacktrace-depth
316 trap "echo 0 > /sys/kernel/debug/$FAILTYPE/probability" SIGINT SIGTERM EXIT
318 echo "Injecting errors into the module $module... (interrupt to stop)"
321 ------------------------------------------------------------------------------
323 - Inject open_ctree error while btrfs mount::
328 dd if=/dev/zero of=testfile.img bs=1M seek=1000 count=1
329 DEVICE=$(losetup --show -f testfile.img)
330 mkfs.btrfs -f $DEVICE
333 FAILTYPE=fail_function
335 echo $FAILFUNC > /sys/kernel/debug/$FAILTYPE/inject
336 printf %#x -12 > /sys/kernel/debug/$FAILTYPE/$FAILFUNC/retval
337 echo N > /sys/kernel/debug/$FAILTYPE/task-filter
338 echo 100 > /sys/kernel/debug/$FAILTYPE/probability
339 echo 0 > /sys/kernel/debug/$FAILTYPE/interval
340 echo -1 > /sys/kernel/debug/$FAILTYPE/times
341 echo 0 > /sys/kernel/debug/$FAILTYPE/space
342 echo 1 > /sys/kernel/debug/$FAILTYPE/verbose
344 mount -t btrfs $DEVICE tmpmnt
353 echo > /sys/kernel/debug/$FAILTYPE/inject
360 Tool to run command with failslab or fail_page_alloc
361 ----------------------------------------------------
362 In order to make it easier to accomplish the tasks mentioned above, we can use
363 tools/testing/fault-injection/failcmd.sh. Please run a command
364 "./tools/testing/fault-injection/failcmd.sh --help" for more information and
365 see the following examples.
369 Run a command "make -C tools/testing/selftests/ run_tests" with injecting slab
372 # ./tools/testing/fault-injection/failcmd.sh \
373 -- make -C tools/testing/selftests/ run_tests
375 Same as above except to specify 100 times failures at most instead of one time
378 # ./tools/testing/fault-injection/failcmd.sh --times=100 \
379 -- make -C tools/testing/selftests/ run_tests
381 Same as above except to inject page allocation failure instead of slab
384 # env FAILCMD_TYPE=fail_page_alloc \
385 ./tools/testing/fault-injection/failcmd.sh --times=100 \
386 -- make -C tools/testing/selftests/ run_tests
388 Systematic faults using fail-nth
389 ---------------------------------
391 The following code systematically faults 0-th, 1-st, 2-nd and so on
392 capabilities in the socketpair() system call::
394 #include <sys/types.h>
395 #include <sys/stat.h>
396 #include <sys/socket.h>
397 #include <sys/syscall.h>
407 int i, err, res, fail_nth, fds[2];
410 system("echo N > /sys/kernel/debug/failslab/ignore-gfp-wait");
411 sprintf(buf, "/proc/self/task/%ld/fail-nth", syscall(SYS_gettid));
412 fail_nth = open(buf, O_RDWR);
414 sprintf(buf, "%d", i);
415 write(fail_nth, buf, strlen(buf));
416 res = socketpair(AF_LOCAL, SOCK_STREAM, 0, fds);
418 pread(fail_nth, buf, sizeof(buf), 0);
423 printf("%d-th fault %c: res=%d/%d\n", i, atoi(buf) ? 'N' : 'Y',
433 1-th fault Y: res=-1/23
434 2-th fault Y: res=-1/23
435 3-th fault Y: res=-1/12
436 4-th fault Y: res=-1/12
437 5-th fault Y: res=-1/23
438 6-th fault Y: res=-1/23
439 7-th fault Y: res=-1/23
440 8-th fault Y: res=-1/12
441 9-th fault Y: res=-1/12
442 10-th fault Y: res=-1/12
443 11-th fault Y: res=-1/12
444 12-th fault Y: res=-1/12
445 13-th fault Y: res=-1/12
446 14-th fault Y: res=-1/12
447 15-th fault Y: res=-1/12
448 16-th fault N: res=0/12