From: Kent Overstreet <kent.overstreet@linux.dev>
This adds a new fault injection capability, based on code tagging.
To use, simply insert somewhere in your code
dynamic_fault("fault_class_name")
and check whether it returns true - if so, inject the error.
For example
if (dynamic_fault("init"))
return -EINVAL;
There's no need to define faults elsewhere, as with
include/linux/fault-injection.h. Faults show up in debugfs, under
/sys/kernel/debug/dynamic_faults, and can be selected based on
file/module/function/line number/class, and enabled permanently, or in
oneshot mode, or with a specified frequency.
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
---
include/asm-generic/codetag.lds.h | 3 +-
include/linux/dynamic_fault.h | 79 +++++++
include/linux/slab.h | 3 +-
lib/Kconfig.debug | 6 +
lib/Makefile | 2 +
lib/dynamic_fault.c | 372 ++++++++++++++++++++++++++++++
6 files changed, 463 insertions(+), 2 deletions(-)
create mode 100644 include/linux/dynamic_fault.h
create mode 100644 lib/dynamic_fault.c
diff --git a/include/asm-generic/codetag.lds.h b/include/asm-generic/codetag.lds.h
index 64f536b80380..16fbf74edc3d 100644
--- a/include/asm-generic/codetag.lds.h
+++ b/include/asm-generic/codetag.lds.h
@@ -9,6 +9,7 @@
__stop_##_name = .;
#define CODETAG_SECTIONS() \
- SECTION_WITH_BOUNDARIES(alloc_tags)
+ SECTION_WITH_BOUNDARIES(alloc_tags) \
+ SECTION_WITH_BOUNDARIES(dynamic_fault_tags)
#endif /* __ASM_GENERIC_CODETAG_LDS_H */
diff --git a/include/linux/dynamic_fault.h b/include/linux/dynamic_fault.h
new file mode 100644
index 000000000000..526a33209e94
--- /dev/null
+++ b/include/linux/dynamic_fault.h
@@ -0,0 +1,79 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#ifndef _LINUX_DYNAMIC_FAULT_H
+#define _LINUX_DYNAMIC_FAULT_H
+
+/*
+ * Dynamic/code tagging fault injection:
+ *
+ * Originally based on the dynamic debug trick of putting types in a special elf
+ * section, then rewritten using code tagging:
+ *
+ * To use, simply insert a call to dynamic_fault("fault_class"), which will
+ * return true if an error should be injected.
+ *
+ * Fault injection sites may be listed and enabled via debugfs, under
+ * /sys/kernel/debug/dynamic_faults.
+ */
+
+#ifdef CONFIG_CODETAG_FAULT_INJECTION
+
+#include <linux/codetag.h>
+#include <linux/jump_label.h>
+
+#define DFAULT_STATES() \
+ x(disabled) \
+ x(enabled) \
+ x(oneshot)
+
+enum dfault_enabled {
+#define x(n) DFAULT_##n,
+ DFAULT_STATES()
+#undef x
+};
+
+union dfault_state {
+ struct {
+ unsigned int enabled:2;
+ unsigned int count:30;
+ };
+
+ struct {
+ unsigned int v;
+ };
+};
+
+struct dfault {
+ struct codetag tag;
+ const char *class;
+ unsigned int frequency;
+ union dfault_state state;
+ struct static_key_false enabled;
+};
+
+bool __dynamic_fault_enabled(struct dfault *df);
+
+#define dynamic_fault(_class) \
+({ \
+ static struct dfault \
+ __used \
+ __section("dynamic_fault_tags") \
+ __aligned(8) df = { \
+ .tag = CODE_TAG_INIT, \
+ .class = _class, \
+ .enabled = STATIC_KEY_FALSE_INIT, \
+ }; \
+ \
+ static_key_false(&df.enabled.key) && \
+ __dynamic_fault_enabled(&df); \
+})
+
+#else
+
+#define dynamic_fault(_class) false
+
+#endif /* CODETAG_FAULT_INJECTION */
+
+#define memory_fault() dynamic_fault("memory")
+
+#endif /* _LINUX_DYNAMIC_FAULT_H */
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 89273be35743..4be5a93ed15a 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -17,6 +17,7 @@
#include <linux/types.h>
#include <linux/workqueue.h>
#include <linux/percpu-refcount.h>
+#include <linux/dynamic_fault.h>
/*
@@ -468,7 +469,7 @@ static inline void slab_tag_dec(const void *ptr) {}
#define krealloc_hooks(_p, _do_alloc) \
({ \
- void *_res = _do_alloc; \
+ void *_res = !memory_fault() ? _do_alloc : NULL; \
slab_tag_add(_p, _res); \
_res; \
})
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 2790848464f1..b7d03afbc808 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1982,6 +1982,12 @@ config FAULT_INJECTION_STACKTRACE_FILTER
help
Provide stacktrace filter for fault-injection capabilities
+config CODETAG_FAULT_INJECTION
+ bool "Code tagging based fault injection"
+ select CODE_TAGGING
+ help
+ Dynamic fault injection based on code tagging
+
config ARCH_HAS_KCOV
bool
help
diff --git a/lib/Makefile b/lib/Makefile
index 99f732156673..489ea000c528 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -231,6 +231,8 @@ obj-$(CONFIG_CODE_TAGGING) += codetag.o
obj-$(CONFIG_ALLOC_TAGGING) += alloc_tag.o
obj-$(CONFIG_PAGE_ALLOC_TAGGING) += pgalloc_tag.o
+obj-$(CONFIG_CODETAG_FAULT_INJECTION) += dynamic_fault.o
+
lib-$(CONFIG_GENERIC_BUG) += bug.o
obj-$(CONFIG_HAVE_ARCH_TRACEHOOK) += syscall.o
diff --git a/lib/dynamic_fault.c b/lib/dynamic_fault.c
new file mode 100644
index 000000000000..4c9cd18686be
--- /dev/null
+++ b/lib/dynamic_fault.c
@@ -0,0 +1,372 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <linux/ctype.h>
+#include <linux/debugfs.h>
+#include <linux/dynamic_fault.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/seq_buf.h>
+
+static struct codetag_type *cttype;
+
+bool __dynamic_fault_enabled(struct dfault *df)
+{
+ union dfault_state old, new;
+ unsigned int v = df->state.v;
+ bool ret;
+
+ do {
+ old.v = new.v = v;
+
+ if (new.enabled == DFAULT_disabled)
+ return false;
+
+ ret = df->frequency
+ ? ++new.count >= df->frequency
+ : true;
+ if (ret)
+ new.count = 0;
+ if (ret && new.enabled == DFAULT_oneshot)
+ new.enabled = DFAULT_disabled;
+ } while ((v = cmpxchg(&df->state.v, old.v, new.v)) != old.v);
+
+ if (ret)
+ pr_debug("returned true for %s:%u", df->tag.filename, df->tag.lineno);
+
+ return ret;
+}
+EXPORT_SYMBOL(__dynamic_fault_enabled);
+
+static const char * const dfault_state_strs[] = {
+#define x(n) #n,
+ DFAULT_STATES()
+#undef x
+ NULL
+};
+
+static void dynamic_fault_to_text(struct seq_buf *out, struct dfault *df)
+{
+ codetag_to_text(out, &df->tag);
+ seq_buf_printf(out, "class:%s %s \"", df->class,
+ dfault_state_strs[df->state.enabled]);
+}
+
+struct dfault_query {
+ struct codetag_query q;
+
+ bool set_enabled:1;
+ unsigned int enabled:2;
+
+ bool set_frequency:1;
+ unsigned int frequency;
+};
+
+/*
+ * Search the tables for _dfault's which match the given
+ * `query' and apply the `flags' and `mask' to them. Tells
+ * the user which dfault's were changed, or whether none
+ * were matched.
+ */
+static int dfault_change(struct dfault_query *query)
+{
+ struct codetag_iterator ct_iter;
+ struct codetag *ct;
+ unsigned int nfound = 0;
+
+ codetag_lock_module_list(cttype, true);
+ codetag_init_iter(&ct_iter, cttype);
+
+ while ((ct = codetag_next_ct(&ct_iter))) {
+ struct dfault *df = container_of(ct, struct dfault, tag);
+
+ if (!codetag_matches_query(&query->q, ct, ct_iter.cmod, df->class))
+ continue;
+
+ if (query->set_enabled &&
+ query->enabled != df->state.enabled) {
+ if (query->enabled != DFAULT_disabled)
+ static_key_slow_inc(&df->enabled.key);
+ else if (df->state.enabled != DFAULT_disabled)
+ static_key_slow_dec(&df->enabled.key);
+
+ df->state.enabled = query->enabled;
+ }
+
+ if (query->set_frequency)
+ df->frequency = query->frequency;
+
+ pr_debug("changed %s:%d [%s]%s #%d %s",
+ df->tag.filename, df->tag.lineno, df->tag.modname,
+ df->tag.function, query->q.cur_index,
+ dfault_state_strs[df->state.enabled]);
+
+ nfound++;
+ }
+
+ pr_debug("dfault: %u matches", nfound);
+
+ codetag_lock_module_list(cttype, false);
+
+ return nfound ? 0 : -ENOENT;
+}
+
+#define DFAULT_TOKENS() \
+ x(disable, 0) \
+ x(enable, 0) \
+ x(oneshot, 0) \
+ x(frequency, 1)
+
+enum dfault_token {
+#define x(name, nr_args) TOK_##name,
+ DFAULT_TOKENS()
+#undef x
+};
+
+static const char * const dfault_token_strs[] = {
+#define x(name, nr_args) #name,
+ DFAULT_TOKENS()
+#undef x
+ NULL
+};
+
+static unsigned int dfault_token_nr_args[] = {
+#define x(name, nr_args) nr_args,
+ DFAULT_TOKENS()
+#undef x
+};
+
+static enum dfault_token str_to_token(const char *word, unsigned int nr_words)
+{
+ int tok = match_string(dfault_token_strs, ARRAY_SIZE(dfault_token_strs), word);
+
+ if (tok < 0) {
+ pr_debug("unknown keyword \"%s\"", word);
+ return tok;
+ }
+
+ if (nr_words < dfault_token_nr_args[tok]) {
+ pr_debug("insufficient arguments to \"%s\"", word);
+ return -EINVAL;
+ }
+
+ return tok;
+}
+
+static int dfault_parse_command(struct dfault_query *query,
+ enum dfault_token tok,
+ char *words[], size_t nr_words)
+{
+ unsigned int i = 0;
+ int ret;
+
+ switch (tok) {
+ case TOK_disable:
+ query->set_enabled = true;
+ query->enabled = DFAULT_disabled;
+ break;
+ case TOK_enable:
+ query->set_enabled = true;
+ query->enabled = DFAULT_enabled;
+ break;
+ case TOK_oneshot:
+ query->set_enabled = true;
+ query->enabled = DFAULT_oneshot;
+ break;
+ case TOK_frequency:
+ query->set_frequency = 1;
+ ret = kstrtouint(words[i++], 10, &query->frequency);
+ if (ret)
+ return ret;
+
+ if (!query->set_enabled) {
+ query->set_enabled = 1;
+ query->enabled = DFAULT_enabled;
+ }
+ break;
+ }
+
+ return i;
+}
+
+static int dynamic_fault_store(char *buf)
+{
+ struct dfault_query query = { NULL };
+#define MAXWORDS 9
+ char *tok, *words[MAXWORDS];
+ int ret, nr_words, i = 0;
+
+ buf = codetag_query_parse(&query.q, buf);
+ if (IS_ERR(buf))
+ return PTR_ERR(buf);
+
+ while ((tok = strsep_no_empty(&buf, " \t\r\n"))) {
+ if (nr_words == ARRAY_SIZE(words))
+ return -EINVAL; /* ran out of words[] before bytes */
+ words[nr_words++] = tok;
+ }
+
+ while (i < nr_words) {
+ const char *tok_str = words[i++];
+ enum dfault_token tok = str_to_token(tok_str, nr_words - i);
+
+ if (tok < 0)
+ return tok;
+
+ ret = dfault_parse_command(&query, tok, words + i, nr_words - i);
+ if (ret < 0)
+ return ret;
+
+ i += ret;
+ BUG_ON(i > nr_words);
+ }
+
+ pr_debug("q->function=\"%s\" q->filename=\"%s\" "
+ "q->module=\"%s\" q->line=%u-%u\n q->index=%u-%u",
+ query.q.function, query.q.filename, query.q.module,
+ query.q.first_line, query.q.last_line,
+ query.q.first_index, query.q.last_index);
+
+ ret = dfault_change(&query);
+ if (ret < 0)
+ return ret;
+
+ return 0;
+}
+
+struct dfault_iter {
+ struct codetag_iterator ct_iter;
+
+ struct seq_buf buf;
+ char rawbuf[4096];
+};
+
+static int dfault_open(struct inode *inode, struct file *file)
+{
+ struct dfault_iter *iter;
+
+ iter = kzalloc(sizeof(*iter), GFP_KERNEL);
+ if (!iter)
+ return -ENOMEM;
+
+ codetag_lock_module_list(cttype, true);
+ codetag_init_iter(&iter->ct_iter, cttype);
+ codetag_lock_module_list(cttype, false);
+
+ file->private_data = iter;
+ seq_buf_init(&iter->buf, iter->rawbuf, sizeof(iter->rawbuf));
+ return 0;
+}
+
+static int dfault_release(struct inode *inode, struct file *file)
+{
+ struct dfault_iter *iter = file->private_data;
+
+ kfree(iter);
+ return 0;
+}
+
+struct user_buf {
+ char __user *buf; /* destination user buffer */
+ size_t size; /* size of requested read */
+ ssize_t ret; /* bytes read so far */
+};
+
+static int flush_ubuf(struct user_buf *dst, struct seq_buf *src)
+{
+ if (src->len) {
+ size_t bytes = min_t(size_t, src->len, dst->size);
+ int err = copy_to_user(dst->buf, src->buffer, bytes);
+
+ if (err)
+ return err;
+
+ dst->ret += bytes;
+ dst->buf += bytes;
+ dst->size -= bytes;
+ src->len -= bytes;
+ memmove(src->buffer, src->buffer + bytes, src->len);
+ }
+
+ return 0;
+}
+
+static ssize_t dfault_read(struct file *file, char __user *ubuf,
+ size_t size, loff_t *ppos)
+{
+ struct dfault_iter *iter = file->private_data;
+ struct user_buf buf = { .buf = ubuf, .size = size };
+ struct codetag *ct;
+ struct dfault *df;
+ int err;
+
+ codetag_lock_module_list(iter->ct_iter.cttype, true);
+ while (1) {
+ err = flush_ubuf(&buf, &iter->buf);
+ if (err || !buf.size)
+ break;
+
+ ct = codetag_next_ct(&iter->ct_iter);
+ if (!ct)
+ break;
+
+ df = container_of(ct, struct dfault, tag);
+ dynamic_fault_to_text(&iter->buf, df);
+ seq_buf_putc(&iter->buf, '\n');
+ }
+ codetag_lock_module_list(iter->ct_iter.cttype, false);
+
+ return err ?: buf.ret;
+}
+
+/*
+ * File_ops->write method for <debugfs>/dynamic_fault/conrol. Gathers the
+ * command text from userspace, parses and executes it.
+ */
+static ssize_t dfault_write(struct file *file, const char __user *ubuf,
+ size_t len, loff_t *offp)
+{
+ char tmpbuf[256];
+
+ if (len == 0)
+ return 0;
+ /* we don't check *offp -- multiple writes() are allowed */
+ if (len > sizeof(tmpbuf)-1)
+ return -E2BIG;
+ if (copy_from_user(tmpbuf, ubuf, len))
+ return -EFAULT;
+ tmpbuf[len] = '\0';
+ pr_debug("read %zu bytes from userspace", len);
+
+ dynamic_fault_store(tmpbuf);
+
+ *offp += len;
+ return len;
+}
+
+static const struct file_operations dfault_ops = {
+ .owner = THIS_MODULE,
+ .open = dfault_open,
+ .release = dfault_release,
+ .read = dfault_read,
+ .write = dfault_write
+};
+
+static int __init dynamic_fault_init(void)
+{
+ const struct codetag_type_desc desc = {
+ .section = "dynamic_fault_tags",
+ .tag_size = sizeof(struct dfault),
+ };
+ struct dentry *debugfs_file;
+
+ cttype = codetag_register_type(&desc);
+ if (IS_ERR_OR_NULL(cttype))
+ return PTR_ERR(cttype);
+
+ debugfs_file = debugfs_create_file("dynamic_faults", 0666, NULL, NULL, &dfault_ops);
+ if (IS_ERR(debugfs_file))
+ return PTR_ERR(debugfs_file);
+
+ return 0;
+}
+module_init(dynamic_fault_init);
--
2.37.2.672.g94769d06f0-googOn Tue, 30 Aug 2022 at 23:50, Suren Baghdasaryan <surenb@google.com> wrote:
>
> From: Kent Overstreet <kent.overstreet@linux.dev>
>
> This adds a new fault injection capability, based on code tagging.
>
> To use, simply insert somewhere in your code
>
> dynamic_fault("fault_class_name")
>
> and check whether it returns true - if so, inject the error.
> For example
>
> if (dynamic_fault("init"))
> return -EINVAL;
Hi Suren,
If this is going to be used by mainline kernel, it would be good to
integrate this with fail_nth systematic fault injection:
https://elixir.bootlin.com/linux/latest/source/lib/fault-inject.c#L109
Otherwise these dynamic sites won't be tested by testing systems doing
systematic fault injection testing.
> There's no need to define faults elsewhere, as with
> include/linux/fault-injection.h. Faults show up in debugfs, under
> /sys/kernel/debug/dynamic_faults, and can be selected based on
> file/module/function/line number/class, and enabled permanently, or in
> oneshot mode, or with a specified frequency.
>
> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
> ---
> include/asm-generic/codetag.lds.h | 3 +-
> include/linux/dynamic_fault.h | 79 +++++++
> include/linux/slab.h | 3 +-
> lib/Kconfig.debug | 6 +
> lib/Makefile | 2 +
> lib/dynamic_fault.c | 372 ++++++++++++++++++++++++++++++
> 6 files changed, 463 insertions(+), 2 deletions(-)
> create mode 100644 include/linux/dynamic_fault.h
> create mode 100644 lib/dynamic_fault.c
>
> diff --git a/include/asm-generic/codetag.lds.h b/include/asm-generic/codetag.lds.h
> index 64f536b80380..16fbf74edc3d 100644
> --- a/include/asm-generic/codetag.lds.h
> +++ b/include/asm-generic/codetag.lds.h
> @@ -9,6 +9,7 @@
> __stop_##_name = .;
>
> #define CODETAG_SECTIONS() \
> - SECTION_WITH_BOUNDARIES(alloc_tags)
> + SECTION_WITH_BOUNDARIES(alloc_tags) \
> + SECTION_WITH_BOUNDARIES(dynamic_fault_tags)
>
> #endif /* __ASM_GENERIC_CODETAG_LDS_H */
> diff --git a/include/linux/dynamic_fault.h b/include/linux/dynamic_fault.h
> new file mode 100644
> index 000000000000..526a33209e94
> --- /dev/null
> +++ b/include/linux/dynamic_fault.h
> @@ -0,0 +1,79 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +#ifndef _LINUX_DYNAMIC_FAULT_H
> +#define _LINUX_DYNAMIC_FAULT_H
> +
> +/*
> + * Dynamic/code tagging fault injection:
> + *
> + * Originally based on the dynamic debug trick of putting types in a special elf
> + * section, then rewritten using code tagging:
> + *
> + * To use, simply insert a call to dynamic_fault("fault_class"), which will
> + * return true if an error should be injected.
> + *
> + * Fault injection sites may be listed and enabled via debugfs, under
> + * /sys/kernel/debug/dynamic_faults.
> + */
> +
> +#ifdef CONFIG_CODETAG_FAULT_INJECTION
> +
> +#include <linux/codetag.h>
> +#include <linux/jump_label.h>
> +
> +#define DFAULT_STATES() \
> + x(disabled) \
> + x(enabled) \
> + x(oneshot)
> +
> +enum dfault_enabled {
> +#define x(n) DFAULT_##n,
> + DFAULT_STATES()
> +#undef x
> +};
> +
> +union dfault_state {
> + struct {
> + unsigned int enabled:2;
> + unsigned int count:30;
> + };
> +
> + struct {
> + unsigned int v;
> + };
> +};
> +
> +struct dfault {
> + struct codetag tag;
> + const char *class;
> + unsigned int frequency;
> + union dfault_state state;
> + struct static_key_false enabled;
> +};
> +
> +bool __dynamic_fault_enabled(struct dfault *df);
> +
> +#define dynamic_fault(_class) \
> +({ \
> + static struct dfault \
> + __used \
> + __section("dynamic_fault_tags") \
> + __aligned(8) df = { \
> + .tag = CODE_TAG_INIT, \
> + .class = _class, \
> + .enabled = STATIC_KEY_FALSE_INIT, \
> + }; \
> + \
> + static_key_false(&df.enabled.key) && \
> + __dynamic_fault_enabled(&df); \
> +})
> +
> +#else
> +
> +#define dynamic_fault(_class) false
> +
> +#endif /* CODETAG_FAULT_INJECTION */
> +
> +#define memory_fault() dynamic_fault("memory")
> +
> +#endif /* _LINUX_DYNAMIC_FAULT_H */
> diff --git a/include/linux/slab.h b/include/linux/slab.h
> index 89273be35743..4be5a93ed15a 100644
> --- a/include/linux/slab.h
> +++ b/include/linux/slab.h
> @@ -17,6 +17,7 @@
> #include <linux/types.h>
> #include <linux/workqueue.h>
> #include <linux/percpu-refcount.h>
> +#include <linux/dynamic_fault.h>
>
>
> /*
> @@ -468,7 +469,7 @@ static inline void slab_tag_dec(const void *ptr) {}
>
> #define krealloc_hooks(_p, _do_alloc) \
> ({ \
> - void *_res = _do_alloc; \
> + void *_res = !memory_fault() ? _do_alloc : NULL; \
> slab_tag_add(_p, _res); \
> _res; \
> })
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 2790848464f1..b7d03afbc808 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -1982,6 +1982,12 @@ config FAULT_INJECTION_STACKTRACE_FILTER
> help
> Provide stacktrace filter for fault-injection capabilities
>
> +config CODETAG_FAULT_INJECTION
> + bool "Code tagging based fault injection"
> + select CODE_TAGGING
> + help
> + Dynamic fault injection based on code tagging
> +
> config ARCH_HAS_KCOV
> bool
> help
> diff --git a/lib/Makefile b/lib/Makefile
> index 99f732156673..489ea000c528 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -231,6 +231,8 @@ obj-$(CONFIG_CODE_TAGGING) += codetag.o
> obj-$(CONFIG_ALLOC_TAGGING) += alloc_tag.o
> obj-$(CONFIG_PAGE_ALLOC_TAGGING) += pgalloc_tag.o
>
> +obj-$(CONFIG_CODETAG_FAULT_INJECTION) += dynamic_fault.o
> +
> lib-$(CONFIG_GENERIC_BUG) += bug.o
>
> obj-$(CONFIG_HAVE_ARCH_TRACEHOOK) += syscall.o
> diff --git a/lib/dynamic_fault.c b/lib/dynamic_fault.c
> new file mode 100644
> index 000000000000..4c9cd18686be
> --- /dev/null
> +++ b/lib/dynamic_fault.c
> @@ -0,0 +1,372 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +
> +#include <linux/ctype.h>
> +#include <linux/debugfs.h>
> +#include <linux/dynamic_fault.h>
> +#include <linux/kernel.h>
> +#include <linux/module.h>
> +#include <linux/seq_buf.h>
> +
> +static struct codetag_type *cttype;
> +
> +bool __dynamic_fault_enabled(struct dfault *df)
> +{
> + union dfault_state old, new;
> + unsigned int v = df->state.v;
> + bool ret;
> +
> + do {
> + old.v = new.v = v;
> +
> + if (new.enabled == DFAULT_disabled)
> + return false;
> +
> + ret = df->frequency
> + ? ++new.count >= df->frequency
> + : true;
> + if (ret)
> + new.count = 0;
> + if (ret && new.enabled == DFAULT_oneshot)
> + new.enabled = DFAULT_disabled;
> + } while ((v = cmpxchg(&df->state.v, old.v, new.v)) != old.v);
> +
> + if (ret)
> + pr_debug("returned true for %s:%u", df->tag.filename, df->tag.lineno);
> +
> + return ret;
> +}
> +EXPORT_SYMBOL(__dynamic_fault_enabled);
> +
> +static const char * const dfault_state_strs[] = {
> +#define x(n) #n,
> + DFAULT_STATES()
> +#undef x
> + NULL
> +};
> +
> +static void dynamic_fault_to_text(struct seq_buf *out, struct dfault *df)
> +{
> + codetag_to_text(out, &df->tag);
> + seq_buf_printf(out, "class:%s %s \"", df->class,
> + dfault_state_strs[df->state.enabled]);
> +}
> +
> +struct dfault_query {
> + struct codetag_query q;
> +
> + bool set_enabled:1;
> + unsigned int enabled:2;
> +
> + bool set_frequency:1;
> + unsigned int frequency;
> +};
> +
> +/*
> + * Search the tables for _dfault's which match the given
> + * `query' and apply the `flags' and `mask' to them. Tells
> + * the user which dfault's were changed, or whether none
> + * were matched.
> + */
> +static int dfault_change(struct dfault_query *query)
> +{
> + struct codetag_iterator ct_iter;
> + struct codetag *ct;
> + unsigned int nfound = 0;
> +
> + codetag_lock_module_list(cttype, true);
> + codetag_init_iter(&ct_iter, cttype);
> +
> + while ((ct = codetag_next_ct(&ct_iter))) {
> + struct dfault *df = container_of(ct, struct dfault, tag);
> +
> + if (!codetag_matches_query(&query->q, ct, ct_iter.cmod, df->class))
> + continue;
> +
> + if (query->set_enabled &&
> + query->enabled != df->state.enabled) {
> + if (query->enabled != DFAULT_disabled)
> + static_key_slow_inc(&df->enabled.key);
> + else if (df->state.enabled != DFAULT_disabled)
> + static_key_slow_dec(&df->enabled.key);
> +
> + df->state.enabled = query->enabled;
> + }
> +
> + if (query->set_frequency)
> + df->frequency = query->frequency;
> +
> + pr_debug("changed %s:%d [%s]%s #%d %s",
> + df->tag.filename, df->tag.lineno, df->tag.modname,
> + df->tag.function, query->q.cur_index,
> + dfault_state_strs[df->state.enabled]);
> +
> + nfound++;
> + }
> +
> + pr_debug("dfault: %u matches", nfound);
> +
> + codetag_lock_module_list(cttype, false);
> +
> + return nfound ? 0 : -ENOENT;
> +}
> +
> +#define DFAULT_TOKENS() \
> + x(disable, 0) \
> + x(enable, 0) \
> + x(oneshot, 0) \
> + x(frequency, 1)
> +
> +enum dfault_token {
> +#define x(name, nr_args) TOK_##name,
> + DFAULT_TOKENS()
> +#undef x
> +};
> +
> +static const char * const dfault_token_strs[] = {
> +#define x(name, nr_args) #name,
> + DFAULT_TOKENS()
> +#undef x
> + NULL
> +};
> +
> +static unsigned int dfault_token_nr_args[] = {
> +#define x(name, nr_args) nr_args,
> + DFAULT_TOKENS()
> +#undef x
> +};
> +
> +static enum dfault_token str_to_token(const char *word, unsigned int nr_words)
> +{
> + int tok = match_string(dfault_token_strs, ARRAY_SIZE(dfault_token_strs), word);
> +
> + if (tok < 0) {
> + pr_debug("unknown keyword \"%s\"", word);
> + return tok;
> + }
> +
> + if (nr_words < dfault_token_nr_args[tok]) {
> + pr_debug("insufficient arguments to \"%s\"", word);
> + return -EINVAL;
> + }
> +
> + return tok;
> +}
> +
> +static int dfault_parse_command(struct dfault_query *query,
> + enum dfault_token tok,
> + char *words[], size_t nr_words)
> +{
> + unsigned int i = 0;
> + int ret;
> +
> + switch (tok) {
> + case TOK_disable:
> + query->set_enabled = true;
> + query->enabled = DFAULT_disabled;
> + break;
> + case TOK_enable:
> + query->set_enabled = true;
> + query->enabled = DFAULT_enabled;
> + break;
> + case TOK_oneshot:
> + query->set_enabled = true;
> + query->enabled = DFAULT_oneshot;
> + break;
> + case TOK_frequency:
> + query->set_frequency = 1;
> + ret = kstrtouint(words[i++], 10, &query->frequency);
> + if (ret)
> + return ret;
> +
> + if (!query->set_enabled) {
> + query->set_enabled = 1;
> + query->enabled = DFAULT_enabled;
> + }
> + break;
> + }
> +
> + return i;
> +}
> +
> +static int dynamic_fault_store(char *buf)
> +{
> + struct dfault_query query = { NULL };
> +#define MAXWORDS 9
> + char *tok, *words[MAXWORDS];
> + int ret, nr_words, i = 0;
> +
> + buf = codetag_query_parse(&query.q, buf);
> + if (IS_ERR(buf))
> + return PTR_ERR(buf);
> +
> + while ((tok = strsep_no_empty(&buf, " \t\r\n"))) {
> + if (nr_words == ARRAY_SIZE(words))
> + return -EINVAL; /* ran out of words[] before bytes */
> + words[nr_words++] = tok;
> + }
> +
> + while (i < nr_words) {
> + const char *tok_str = words[i++];
> + enum dfault_token tok = str_to_token(tok_str, nr_words - i);
> +
> + if (tok < 0)
> + return tok;
> +
> + ret = dfault_parse_command(&query, tok, words + i, nr_words - i);
> + if (ret < 0)
> + return ret;
> +
> + i += ret;
> + BUG_ON(i > nr_words);
> + }
> +
> + pr_debug("q->function=\"%s\" q->filename=\"%s\" "
> + "q->module=\"%s\" q->line=%u-%u\n q->index=%u-%u",
> + query.q.function, query.q.filename, query.q.module,
> + query.q.first_line, query.q.last_line,
> + query.q.first_index, query.q.last_index);
> +
> + ret = dfault_change(&query);
> + if (ret < 0)
> + return ret;
> +
> + return 0;
> +}
> +
> +struct dfault_iter {
> + struct codetag_iterator ct_iter;
> +
> + struct seq_buf buf;
> + char rawbuf[4096];
> +};
> +
> +static int dfault_open(struct inode *inode, struct file *file)
> +{
> + struct dfault_iter *iter;
> +
> + iter = kzalloc(sizeof(*iter), GFP_KERNEL);
> + if (!iter)
> + return -ENOMEM;
> +
> + codetag_lock_module_list(cttype, true);
> + codetag_init_iter(&iter->ct_iter, cttype);
> + codetag_lock_module_list(cttype, false);
> +
> + file->private_data = iter;
> + seq_buf_init(&iter->buf, iter->rawbuf, sizeof(iter->rawbuf));
> + return 0;
> +}
> +
> +static int dfault_release(struct inode *inode, struct file *file)
> +{
> + struct dfault_iter *iter = file->private_data;
> +
> + kfree(iter);
> + return 0;
> +}
> +
> +struct user_buf {
> + char __user *buf; /* destination user buffer */
> + size_t size; /* size of requested read */
> + ssize_t ret; /* bytes read so far */
> +};
> +
> +static int flush_ubuf(struct user_buf *dst, struct seq_buf *src)
> +{
> + if (src->len) {
> + size_t bytes = min_t(size_t, src->len, dst->size);
> + int err = copy_to_user(dst->buf, src->buffer, bytes);
> +
> + if (err)
> + return err;
> +
> + dst->ret += bytes;
> + dst->buf += bytes;
> + dst->size -= bytes;
> + src->len -= bytes;
> + memmove(src->buffer, src->buffer + bytes, src->len);
> + }
> +
> + return 0;
> +}
> +
> +static ssize_t dfault_read(struct file *file, char __user *ubuf,
> + size_t size, loff_t *ppos)
> +{
> + struct dfault_iter *iter = file->private_data;
> + struct user_buf buf = { .buf = ubuf, .size = size };
> + struct codetag *ct;
> + struct dfault *df;
> + int err;
> +
> + codetag_lock_module_list(iter->ct_iter.cttype, true);
> + while (1) {
> + err = flush_ubuf(&buf, &iter->buf);
> + if (err || !buf.size)
> + break;
> +
> + ct = codetag_next_ct(&iter->ct_iter);
> + if (!ct)
> + break;
> +
> + df = container_of(ct, struct dfault, tag);
> + dynamic_fault_to_text(&iter->buf, df);
> + seq_buf_putc(&iter->buf, '\n');
> + }
> + codetag_lock_module_list(iter->ct_iter.cttype, false);
> +
> + return err ?: buf.ret;
> +}
> +
> +/*
> + * File_ops->write method for <debugfs>/dynamic_fault/conrol. Gathers the
> + * command text from userspace, parses and executes it.
> + */
> +static ssize_t dfault_write(struct file *file, const char __user *ubuf,
> + size_t len, loff_t *offp)
> +{
> + char tmpbuf[256];
> +
> + if (len == 0)
> + return 0;
> + /* we don't check *offp -- multiple writes() are allowed */
> + if (len > sizeof(tmpbuf)-1)
> + return -E2BIG;
> + if (copy_from_user(tmpbuf, ubuf, len))
> + return -EFAULT;
> + tmpbuf[len] = '\0';
> + pr_debug("read %zu bytes from userspace", len);
> +
> + dynamic_fault_store(tmpbuf);
> +
> + *offp += len;
> + return len;
> +}
> +
> +static const struct file_operations dfault_ops = {
> + .owner = THIS_MODULE,
> + .open = dfault_open,
> + .release = dfault_release,
> + .read = dfault_read,
> + .write = dfault_write
> +};
> +
> +static int __init dynamic_fault_init(void)
> +{
> + const struct codetag_type_desc desc = {
> + .section = "dynamic_fault_tags",
> + .tag_size = sizeof(struct dfault),
> + };
> + struct dentry *debugfs_file;
> +
> + cttype = codetag_register_type(&desc);
> + if (IS_ERR_OR_NULL(cttype))
> + return PTR_ERR(cttype);
> +
> + debugfs_file = debugfs_create_file("dynamic_faults", 0666, NULL, NULL, &dfault_ops);
> + if (IS_ERR(debugfs_file))
> + return PTR_ERR(debugfs_file);
> +
> + return 0;
> +}
> +module_init(dynamic_fault_init);
> --
> 2.37.2.672.g94769d06f0-goog
>
On Wed, Aug 31, 2022 at 12:37:14PM +0200, Dmitry Vyukov wrote:
> On Tue, 30 Aug 2022 at 23:50, Suren Baghdasaryan <surenb@google.com> wrote:
> >
> > From: Kent Overstreet <kent.overstreet@linux.dev>
> >
> > This adds a new fault injection capability, based on code tagging.
> >
> > To use, simply insert somewhere in your code
> >
> > dynamic_fault("fault_class_name")
> >
> > and check whether it returns true - if so, inject the error.
> > For example
> >
> > if (dynamic_fault("init"))
> > return -EINVAL;
>
> Hi Suren,
>
> If this is going to be used by mainline kernel, it would be good to
> integrate this with fail_nth systematic fault injection:
> https://elixir.bootlin.com/linux/latest/source/lib/fault-inject.c#L109
>
> Otherwise these dynamic sites won't be tested by testing systems doing
> systematic fault injection testing.
That's a discussion we need to have, yeah. We don't want two distinct fault
injection frameworks, we'll have to have a discussion as to whether this is (or
can be) better enough to make a switch worthwhile, and whether a compatibility
interface is needed - or maybe there's enough distinct interesting bits in both
to make merging plausible?
The debugfs interface for this fault injection code is necessarily different
from our existing fault injection - this gives you a fault injection point _per
callsite_, which is huge - e.g. for filesystem testing what I need is to be able
to enable fault injection points within a given module. I can do that easily
with this, not with our current fault injection.
I think the per-callsite fault injection points would also be pretty valuable
for CONFIG_FAULT_INJECTION_USERCOPY, too.
OTOH, existing kernel fault injection can filter based on task - this fault
injection framework doesn't have that. Easy enough to add, though. Similar for
the interval/probability/ratelimit stuff.
fail_function is the odd one out, I'm not sure how that would fit into this
model. Everything else I've seen I think fits into this model.
Also, it sounds like you're more familiar with our existing fault injection than
I am, so if I've misunderstood anything about what it can do please do correct
me.
Interestingly: I just discovered from reading the code that
CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is a thing (hadn't before because it
depends on !X86_64 - what?). That's cool, though.
On Wed, 31 Aug 2022 at 19:30, Kent Overstreet
<kent.overstreet@linux.dev> wrote:
> > > From: Kent Overstreet <kent.overstreet@linux.dev>
> > >
> > > This adds a new fault injection capability, based on code tagging.
> > >
> > > To use, simply insert somewhere in your code
> > >
> > > dynamic_fault("fault_class_name")
> > >
> > > and check whether it returns true - if so, inject the error.
> > > For example
> > >
> > > if (dynamic_fault("init"))
> > > return -EINVAL;
> >
> > Hi Suren,
> >
> > If this is going to be used by mainline kernel, it would be good to
> > integrate this with fail_nth systematic fault injection:
> > https://elixir.bootlin.com/linux/latest/source/lib/fault-inject.c#L109
> >
> > Otherwise these dynamic sites won't be tested by testing systems doing
> > systematic fault injection testing.
>
> That's a discussion we need to have, yeah. We don't want two distinct fault
> injection frameworks, we'll have to have a discussion as to whether this is (or
> can be) better enough to make a switch worthwhile, and whether a compatibility
> interface is needed - or maybe there's enough distinct interesting bits in both
> to make merging plausible?
>
> The debugfs interface for this fault injection code is necessarily different
> from our existing fault injection - this gives you a fault injection point _per
> callsite_, which is huge - e.g. for filesystem testing what I need is to be able
> to enable fault injection points within a given module. I can do that easily
> with this, not with our current fault injection.
>
> I think the per-callsite fault injection points would also be pretty valuable
> for CONFIG_FAULT_INJECTION_USERCOPY, too.
>
> OTOH, existing kernel fault injection can filter based on task - this fault
> injection framework doesn't have that. Easy enough to add, though. Similar for
> the interval/probability/ratelimit stuff.
>
> fail_function is the odd one out, I'm not sure how that would fit into this
> model. Everything else I've seen I think fits into this model.
>
> Also, it sounds like you're more familiar with our existing fault injection than
> I am, so if I've misunderstood anything about what it can do please do correct
> me.
What you are saying makes sense. But I can't say if we want to do a
global switch or not. I don't know how many existing users there are
(by users I mean automated testing b/c humans can switch for one-off
manual testing).
However, fail_nth that I mentioned is orthogonal to this. It's a
different mechanism to select the fault site that needs to be failed
(similar to what you mentioned as "interval/probability/ratelimit
stuff"). fail_nth allows to fail the specified n-th call site in the
specified task. And that's the only mechanism we use in
syzkaller/syzbot.
And I think it can be supported relatively easily (copy a few lines to
the "does this site needs to fail" check).
I don't know how exactly you want to use this new mechanism, but I
found fail_nth much better than any of the existing selection
mechanisms, including what this will add for specific site failing.
fail_nth allows to fail every site in a given test/syscall one-by-one
systematically. E.g. we can even have strace-like utility that repeats
the given test failing all sites in to systematically:
$ fail_all ./a_unit_test
This can be integrated into any CI system, e.g. running all LTP tests with this.
For file:line-based selection, first, we need to get these file:line
from somewhere; second, lines are changing over time so can't be
hardcoded in tests; third, it still needs to be per-task, since
unrelated processes can execute the same code.
One downside of fail_nth, though, is that it does not cover background
threads/async work. But we found that there are so many untested
synchronous error paths, that moving to background threads is not
necessary at this point.
> Interestingly: I just discovered from reading the code that
> CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is a thing (hadn't before because it
> depends on !X86_64 - what?). That's cool, though.
On Wed, Aug 31, 2022 at 3:37 AM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Tue, 30 Aug 2022 at 23:50, Suren Baghdasaryan <surenb@google.com> wrote:
> >
> > From: Kent Overstreet <kent.overstreet@linux.dev>
> >
> > This adds a new fault injection capability, based on code tagging.
> >
> > To use, simply insert somewhere in your code
> >
> > dynamic_fault("fault_class_name")
> >
> > and check whether it returns true - if so, inject the error.
> > For example
> >
> > if (dynamic_fault("init"))
> > return -EINVAL;
>
> Hi Suren,
>
> If this is going to be used by mainline kernel, it would be good to
> integrate this with fail_nth systematic fault injection:
> https://elixir.bootlin.com/linux/latest/source/lib/fault-inject.c#L109
>
> Otherwise these dynamic sites won't be tested by testing systems doing
> systematic fault injection testing.
Hi Dmitry,
Thanks for the information! Will look into it and try to integrate.
Suren.
>
>
> > There's no need to define faults elsewhere, as with
> > include/linux/fault-injection.h. Faults show up in debugfs, under
> > /sys/kernel/debug/dynamic_faults, and can be selected based on
> > file/module/function/line number/class, and enabled permanently, or in
> > oneshot mode, or with a specified frequency.
> >
> > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
> > ---
> > include/asm-generic/codetag.lds.h | 3 +-
> > include/linux/dynamic_fault.h | 79 +++++++
> > include/linux/slab.h | 3 +-
> > lib/Kconfig.debug | 6 +
> > lib/Makefile | 2 +
> > lib/dynamic_fault.c | 372 ++++++++++++++++++++++++++++++
> > 6 files changed, 463 insertions(+), 2 deletions(-)
> > create mode 100644 include/linux/dynamic_fault.h
> > create mode 100644 lib/dynamic_fault.c
> >
> > diff --git a/include/asm-generic/codetag.lds.h b/include/asm-generic/codetag.lds.h
> > index 64f536b80380..16fbf74edc3d 100644
> > --- a/include/asm-generic/codetag.lds.h
> > +++ b/include/asm-generic/codetag.lds.h
> > @@ -9,6 +9,7 @@
> > __stop_##_name = .;
> >
> > #define CODETAG_SECTIONS() \
> > - SECTION_WITH_BOUNDARIES(alloc_tags)
> > + SECTION_WITH_BOUNDARIES(alloc_tags) \
> > + SECTION_WITH_BOUNDARIES(dynamic_fault_tags)
> >
> > #endif /* __ASM_GENERIC_CODETAG_LDS_H */
> > diff --git a/include/linux/dynamic_fault.h b/include/linux/dynamic_fault.h
> > new file mode 100644
> > index 000000000000..526a33209e94
> > --- /dev/null
> > +++ b/include/linux/dynamic_fault.h
> > @@ -0,0 +1,79 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +
> > +#ifndef _LINUX_DYNAMIC_FAULT_H
> > +#define _LINUX_DYNAMIC_FAULT_H
> > +
> > +/*
> > + * Dynamic/code tagging fault injection:
> > + *
> > + * Originally based on the dynamic debug trick of putting types in a special elf
> > + * section, then rewritten using code tagging:
> > + *
> > + * To use, simply insert a call to dynamic_fault("fault_class"), which will
> > + * return true if an error should be injected.
> > + *
> > + * Fault injection sites may be listed and enabled via debugfs, under
> > + * /sys/kernel/debug/dynamic_faults.
> > + */
> > +
> > +#ifdef CONFIG_CODETAG_FAULT_INJECTION
> > +
> > +#include <linux/codetag.h>
> > +#include <linux/jump_label.h>
> > +
> > +#define DFAULT_STATES() \
> > + x(disabled) \
> > + x(enabled) \
> > + x(oneshot)
> > +
> > +enum dfault_enabled {
> > +#define x(n) DFAULT_##n,
> > + DFAULT_STATES()
> > +#undef x
> > +};
> > +
> > +union dfault_state {
> > + struct {
> > + unsigned int enabled:2;
> > + unsigned int count:30;
> > + };
> > +
> > + struct {
> > + unsigned int v;
> > + };
> > +};
> > +
> > +struct dfault {
> > + struct codetag tag;
> > + const char *class;
> > + unsigned int frequency;
> > + union dfault_state state;
> > + struct static_key_false enabled;
> > +};
> > +
> > +bool __dynamic_fault_enabled(struct dfault *df);
> > +
> > +#define dynamic_fault(_class) \
> > +({ \
> > + static struct dfault \
> > + __used \
> > + __section("dynamic_fault_tags") \
> > + __aligned(8) df = { \
> > + .tag = CODE_TAG_INIT, \
> > + .class = _class, \
> > + .enabled = STATIC_KEY_FALSE_INIT, \
> > + }; \
> > + \
> > + static_key_false(&df.enabled.key) && \
> > + __dynamic_fault_enabled(&df); \
> > +})
> > +
> > +#else
> > +
> > +#define dynamic_fault(_class) false
> > +
> > +#endif /* CODETAG_FAULT_INJECTION */
> > +
> > +#define memory_fault() dynamic_fault("memory")
> > +
> > +#endif /* _LINUX_DYNAMIC_FAULT_H */
> > diff --git a/include/linux/slab.h b/include/linux/slab.h
> > index 89273be35743..4be5a93ed15a 100644
> > --- a/include/linux/slab.h
> > +++ b/include/linux/slab.h
> > @@ -17,6 +17,7 @@
> > #include <linux/types.h>
> > #include <linux/workqueue.h>
> > #include <linux/percpu-refcount.h>
> > +#include <linux/dynamic_fault.h>
> >
> >
> > /*
> > @@ -468,7 +469,7 @@ static inline void slab_tag_dec(const void *ptr) {}
> >
> > #define krealloc_hooks(_p, _do_alloc) \
> > ({ \
> > - void *_res = _do_alloc; \
> > + void *_res = !memory_fault() ? _do_alloc : NULL; \
> > slab_tag_add(_p, _res); \
> > _res; \
> > })
> > diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> > index 2790848464f1..b7d03afbc808 100644
> > --- a/lib/Kconfig.debug
> > +++ b/lib/Kconfig.debug
> > @@ -1982,6 +1982,12 @@ config FAULT_INJECTION_STACKTRACE_FILTER
> > help
> > Provide stacktrace filter for fault-injection capabilities
> >
> > +config CODETAG_FAULT_INJECTION
> > + bool "Code tagging based fault injection"
> > + select CODE_TAGGING
> > + help
> > + Dynamic fault injection based on code tagging
> > +
> > config ARCH_HAS_KCOV
> > bool
> > help
> > diff --git a/lib/Makefile b/lib/Makefile
> > index 99f732156673..489ea000c528 100644
> > --- a/lib/Makefile
> > +++ b/lib/Makefile
> > @@ -231,6 +231,8 @@ obj-$(CONFIG_CODE_TAGGING) += codetag.o
> > obj-$(CONFIG_ALLOC_TAGGING) += alloc_tag.o
> > obj-$(CONFIG_PAGE_ALLOC_TAGGING) += pgalloc_tag.o
> >
> > +obj-$(CONFIG_CODETAG_FAULT_INJECTION) += dynamic_fault.o
> > +
> > lib-$(CONFIG_GENERIC_BUG) += bug.o
> >
> > obj-$(CONFIG_HAVE_ARCH_TRACEHOOK) += syscall.o
> > diff --git a/lib/dynamic_fault.c b/lib/dynamic_fault.c
> > new file mode 100644
> > index 000000000000..4c9cd18686be
> > --- /dev/null
> > +++ b/lib/dynamic_fault.c
> > @@ -0,0 +1,372 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +
> > +#include <linux/ctype.h>
> > +#include <linux/debugfs.h>
> > +#include <linux/dynamic_fault.h>
> > +#include <linux/kernel.h>
> > +#include <linux/module.h>
> > +#include <linux/seq_buf.h>
> > +
> > +static struct codetag_type *cttype;
> > +
> > +bool __dynamic_fault_enabled(struct dfault *df)
> > +{
> > + union dfault_state old, new;
> > + unsigned int v = df->state.v;
> > + bool ret;
> > +
> > + do {
> > + old.v = new.v = v;
> > +
> > + if (new.enabled == DFAULT_disabled)
> > + return false;
> > +
> > + ret = df->frequency
> > + ? ++new.count >= df->frequency
> > + : true;
> > + if (ret)
> > + new.count = 0;
> > + if (ret && new.enabled == DFAULT_oneshot)
> > + new.enabled = DFAULT_disabled;
> > + } while ((v = cmpxchg(&df->state.v, old.v, new.v)) != old.v);
> > +
> > + if (ret)
> > + pr_debug("returned true for %s:%u", df->tag.filename, df->tag.lineno);
> > +
> > + return ret;
> > +}
> > +EXPORT_SYMBOL(__dynamic_fault_enabled);
> > +
> > +static const char * const dfault_state_strs[] = {
> > +#define x(n) #n,
> > + DFAULT_STATES()
> > +#undef x
> > + NULL
> > +};
> > +
> > +static void dynamic_fault_to_text(struct seq_buf *out, struct dfault *df)
> > +{
> > + codetag_to_text(out, &df->tag);
> > + seq_buf_printf(out, "class:%s %s \"", df->class,
> > + dfault_state_strs[df->state.enabled]);
> > +}
> > +
> > +struct dfault_query {
> > + struct codetag_query q;
> > +
> > + bool set_enabled:1;
> > + unsigned int enabled:2;
> > +
> > + bool set_frequency:1;
> > + unsigned int frequency;
> > +};
> > +
> > +/*
> > + * Search the tables for _dfault's which match the given
> > + * `query' and apply the `flags' and `mask' to them. Tells
> > + * the user which dfault's were changed, or whether none
> > + * were matched.
> > + */
> > +static int dfault_change(struct dfault_query *query)
> > +{
> > + struct codetag_iterator ct_iter;
> > + struct codetag *ct;
> > + unsigned int nfound = 0;
> > +
> > + codetag_lock_module_list(cttype, true);
> > + codetag_init_iter(&ct_iter, cttype);
> > +
> > + while ((ct = codetag_next_ct(&ct_iter))) {
> > + struct dfault *df = container_of(ct, struct dfault, tag);
> > +
> > + if (!codetag_matches_query(&query->q, ct, ct_iter.cmod, df->class))
> > + continue;
> > +
> > + if (query->set_enabled &&
> > + query->enabled != df->state.enabled) {
> > + if (query->enabled != DFAULT_disabled)
> > + static_key_slow_inc(&df->enabled.key);
> > + else if (df->state.enabled != DFAULT_disabled)
> > + static_key_slow_dec(&df->enabled.key);
> > +
> > + df->state.enabled = query->enabled;
> > + }
> > +
> > + if (query->set_frequency)
> > + df->frequency = query->frequency;
> > +
> > + pr_debug("changed %s:%d [%s]%s #%d %s",
> > + df->tag.filename, df->tag.lineno, df->tag.modname,
> > + df->tag.function, query->q.cur_index,
> > + dfault_state_strs[df->state.enabled]);
> > +
> > + nfound++;
> > + }
> > +
> > + pr_debug("dfault: %u matches", nfound);
> > +
> > + codetag_lock_module_list(cttype, false);
> > +
> > + return nfound ? 0 : -ENOENT;
> > +}
> > +
> > +#define DFAULT_TOKENS() \
> > + x(disable, 0) \
> > + x(enable, 0) \
> > + x(oneshot, 0) \
> > + x(frequency, 1)
> > +
> > +enum dfault_token {
> > +#define x(name, nr_args) TOK_##name,
> > + DFAULT_TOKENS()
> > +#undef x
> > +};
> > +
> > +static const char * const dfault_token_strs[] = {
> > +#define x(name, nr_args) #name,
> > + DFAULT_TOKENS()
> > +#undef x
> > + NULL
> > +};
> > +
> > +static unsigned int dfault_token_nr_args[] = {
> > +#define x(name, nr_args) nr_args,
> > + DFAULT_TOKENS()
> > +#undef x
> > +};
> > +
> > +static enum dfault_token str_to_token(const char *word, unsigned int nr_words)
> > +{
> > + int tok = match_string(dfault_token_strs, ARRAY_SIZE(dfault_token_strs), word);
> > +
> > + if (tok < 0) {
> > + pr_debug("unknown keyword \"%s\"", word);
> > + return tok;
> > + }
> > +
> > + if (nr_words < dfault_token_nr_args[tok]) {
> > + pr_debug("insufficient arguments to \"%s\"", word);
> > + return -EINVAL;
> > + }
> > +
> > + return tok;
> > +}
> > +
> > +static int dfault_parse_command(struct dfault_query *query,
> > + enum dfault_token tok,
> > + char *words[], size_t nr_words)
> > +{
> > + unsigned int i = 0;
> > + int ret;
> > +
> > + switch (tok) {
> > + case TOK_disable:
> > + query->set_enabled = true;
> > + query->enabled = DFAULT_disabled;
> > + break;
> > + case TOK_enable:
> > + query->set_enabled = true;
> > + query->enabled = DFAULT_enabled;
> > + break;
> > + case TOK_oneshot:
> > + query->set_enabled = true;
> > + query->enabled = DFAULT_oneshot;
> > + break;
> > + case TOK_frequency:
> > + query->set_frequency = 1;
> > + ret = kstrtouint(words[i++], 10, &query->frequency);
> > + if (ret)
> > + return ret;
> > +
> > + if (!query->set_enabled) {
> > + query->set_enabled = 1;
> > + query->enabled = DFAULT_enabled;
> > + }
> > + break;
> > + }
> > +
> > + return i;
> > +}
> > +
> > +static int dynamic_fault_store(char *buf)
> > +{
> > + struct dfault_query query = { NULL };
> > +#define MAXWORDS 9
> > + char *tok, *words[MAXWORDS];
> > + int ret, nr_words, i = 0;
> > +
> > + buf = codetag_query_parse(&query.q, buf);
> > + if (IS_ERR(buf))
> > + return PTR_ERR(buf);
> > +
> > + while ((tok = strsep_no_empty(&buf, " \t\r\n"))) {
> > + if (nr_words == ARRAY_SIZE(words))
> > + return -EINVAL; /* ran out of words[] before bytes */
> > + words[nr_words++] = tok;
> > + }
> > +
> > + while (i < nr_words) {
> > + const char *tok_str = words[i++];
> > + enum dfault_token tok = str_to_token(tok_str, nr_words - i);
> > +
> > + if (tok < 0)
> > + return tok;
> > +
> > + ret = dfault_parse_command(&query, tok, words + i, nr_words - i);
> > + if (ret < 0)
> > + return ret;
> > +
> > + i += ret;
> > + BUG_ON(i > nr_words);
> > + }
> > +
> > + pr_debug("q->function=\"%s\" q->filename=\"%s\" "
> > + "q->module=\"%s\" q->line=%u-%u\n q->index=%u-%u",
> > + query.q.function, query.q.filename, query.q.module,
> > + query.q.first_line, query.q.last_line,
> > + query.q.first_index, query.q.last_index);
> > +
> > + ret = dfault_change(&query);
> > + if (ret < 0)
> > + return ret;
> > +
> > + return 0;
> > +}
> > +
> > +struct dfault_iter {
> > + struct codetag_iterator ct_iter;
> > +
> > + struct seq_buf buf;
> > + char rawbuf[4096];
> > +};
> > +
> > +static int dfault_open(struct inode *inode, struct file *file)
> > +{
> > + struct dfault_iter *iter;
> > +
> > + iter = kzalloc(sizeof(*iter), GFP_KERNEL);
> > + if (!iter)
> > + return -ENOMEM;
> > +
> > + codetag_lock_module_list(cttype, true);
> > + codetag_init_iter(&iter->ct_iter, cttype);
> > + codetag_lock_module_list(cttype, false);
> > +
> > + file->private_data = iter;
> > + seq_buf_init(&iter->buf, iter->rawbuf, sizeof(iter->rawbuf));
> > + return 0;
> > +}
> > +
> > +static int dfault_release(struct inode *inode, struct file *file)
> > +{
> > + struct dfault_iter *iter = file->private_data;
> > +
> > + kfree(iter);
> > + return 0;
> > +}
> > +
> > +struct user_buf {
> > + char __user *buf; /* destination user buffer */
> > + size_t size; /* size of requested read */
> > + ssize_t ret; /* bytes read so far */
> > +};
> > +
> > +static int flush_ubuf(struct user_buf *dst, struct seq_buf *src)
> > +{
> > + if (src->len) {
> > + size_t bytes = min_t(size_t, src->len, dst->size);
> > + int err = copy_to_user(dst->buf, src->buffer, bytes);
> > +
> > + if (err)
> > + return err;
> > +
> > + dst->ret += bytes;
> > + dst->buf += bytes;
> > + dst->size -= bytes;
> > + src->len -= bytes;
> > + memmove(src->buffer, src->buffer + bytes, src->len);
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static ssize_t dfault_read(struct file *file, char __user *ubuf,
> > + size_t size, loff_t *ppos)
> > +{
> > + struct dfault_iter *iter = file->private_data;
> > + struct user_buf buf = { .buf = ubuf, .size = size };
> > + struct codetag *ct;
> > + struct dfault *df;
> > + int err;
> > +
> > + codetag_lock_module_list(iter->ct_iter.cttype, true);
> > + while (1) {
> > + err = flush_ubuf(&buf, &iter->buf);
> > + if (err || !buf.size)
> > + break;
> > +
> > + ct = codetag_next_ct(&iter->ct_iter);
> > + if (!ct)
> > + break;
> > +
> > + df = container_of(ct, struct dfault, tag);
> > + dynamic_fault_to_text(&iter->buf, df);
> > + seq_buf_putc(&iter->buf, '\n');
> > + }
> > + codetag_lock_module_list(iter->ct_iter.cttype, false);
> > +
> > + return err ?: buf.ret;
> > +}
> > +
> > +/*
> > + * File_ops->write method for <debugfs>/dynamic_fault/conrol. Gathers the
> > + * command text from userspace, parses and executes it.
> > + */
> > +static ssize_t dfault_write(struct file *file, const char __user *ubuf,
> > + size_t len, loff_t *offp)
> > +{
> > + char tmpbuf[256];
> > +
> > + if (len == 0)
> > + return 0;
> > + /* we don't check *offp -- multiple writes() are allowed */
> > + if (len > sizeof(tmpbuf)-1)
> > + return -E2BIG;
> > + if (copy_from_user(tmpbuf, ubuf, len))
> > + return -EFAULT;
> > + tmpbuf[len] = '\0';
> > + pr_debug("read %zu bytes from userspace", len);
> > +
> > + dynamic_fault_store(tmpbuf);
> > +
> > + *offp += len;
> > + return len;
> > +}
> > +
> > +static const struct file_operations dfault_ops = {
> > + .owner = THIS_MODULE,
> > + .open = dfault_open,
> > + .release = dfault_release,
> > + .read = dfault_read,
> > + .write = dfault_write
> > +};
> > +
> > +static int __init dynamic_fault_init(void)
> > +{
> > + const struct codetag_type_desc desc = {
> > + .section = "dynamic_fault_tags",
> > + .tag_size = sizeof(struct dfault),
> > + };
> > + struct dentry *debugfs_file;
> > +
> > + cttype = codetag_register_type(&desc);
> > + if (IS_ERR_OR_NULL(cttype))
> > + return PTR_ERR(cttype);
> > +
> > + debugfs_file = debugfs_create_file("dynamic_faults", 0666, NULL, NULL, &dfault_ops);
> > + if (IS_ERR(debugfs_file))
> > + return PTR_ERR(debugfs_file);
> > +
> > + return 0;
> > +}
> > +module_init(dynamic_fault_init);
> > --
> > 2.37.2.672.g94769d06f0-goog
> >
On 8/30/22 14:49, Suren Baghdasaryan wrote:
> From: Kent Overstreet <kent.overstreet@linux.dev>
>
> This adds a new fault injection capability, based on code tagging.
>
> To use, simply insert somewhere in your code
>
> dynamic_fault("fault_class_name")
>
> and check whether it returns true - if so, inject the error.
> For example
>
> if (dynamic_fault("init"))
> return -EINVAL;
>
> There's no need to define faults elsewhere, as with
> include/linux/fault-injection.h. Faults show up in debugfs, under
> /sys/kernel/debug/dynamic_faults, and can be selected based on
> file/module/function/line number/class, and enabled permanently, or in
> oneshot mode, or with a specified frequency.
>
> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Missing Signed-off-by: from Suren.
See Documentation/process/submitting-patches.rst:
When to use Acked-by:, Cc:, and Co-developed-by:
------------------------------------------------
The Signed-off-by: tag indicates that the signer was involved in the
development of the patch, or that he/she was in the patch's delivery path.
--
~Randy
On Tue, Aug 30, 2022 at 6:52 PM Randy Dunlap <rdunlap@infradead.org> wrote:
>
>
>
> On 8/30/22 14:49, Suren Baghdasaryan wrote:
> > From: Kent Overstreet <kent.overstreet@linux.dev>
> >
> > This adds a new fault injection capability, based on code tagging.
> >
> > To use, simply insert somewhere in your code
> >
> > dynamic_fault("fault_class_name")
> >
> > and check whether it returns true - if so, inject the error.
> > For example
> >
> > if (dynamic_fault("init"))
> > return -EINVAL;
> >
> > There's no need to define faults elsewhere, as with
> > include/linux/fault-injection.h. Faults show up in debugfs, under
> > /sys/kernel/debug/dynamic_faults, and can be selected based on
> > file/module/function/line number/class, and enabled permanently, or in
> > oneshot mode, or with a specified frequency.
> >
> > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
>
> Missing Signed-off-by: from Suren.
> See Documentation/process/submitting-patches.rst:
>
> When to use Acked-by:, Cc:, and Co-developed-by:
> ------------------------------------------------
>
> The Signed-off-by: tag indicates that the signer was involved in the
> development of the patch, or that he/she was in the patch's delivery path.
Thanks for the note! Will fix in the next respin.
>
>
> --
> ~Randy
© 2016 - 2026 Red Hat, Inc.