This patch provides fault-injection capability for alloc_pages()
boot option:
fail_page_alloc=<probability>,<interval>,<times>,<space>
<probability>
specifies how often it should fail in percent.
<interval>
specifies the interval of failures.
<times>
specifies how many times failures may happen at most.
<space>
specifies the size of free space where memory can be allocated
safely in pages.
Example:
fail_page_alloc=100,10,-1,0
page allocation fails once per 10 times.
Signed-off-by: Akinobu Mita <[email protected]>
include/linux/should_fail.h | 4 ++++
lib/Kconfig.debug | 7 +++++++
mm/page_alloc.c | 21 +++++++++++++++++++++
3 files changed, 32 insertions(+)
Index: work-shouldfail/lib/Kconfig.debug
===================================================================
--- work-shouldfail.orig/lib/Kconfig.debug
+++ work-shouldfail/lib/Kconfig.debug
@@ -379,3 +379,10 @@ config FAILSLAB
help
This option provides fault-injection capabilitiy for kmalloc.
+config FAIL_PAGE_ALLOC
+ bool "fault-injection capabilitiy for alloc_pages()"
+ depends on DEBUG_KERNEL
+ select SHOULD_FAIL
+ help
+ This option provides fault-injection capabilitiy for alloc_pages().
+
Index: work-shouldfail/mm/page_alloc.c
===================================================================
--- work-shouldfail.orig/mm/page_alloc.c
+++ work-shouldfail/mm/page_alloc.c
@@ -37,6 +37,7 @@
#include <linux/vmalloc.h>
#include <linux/mempolicy.h>
#include <linux/stop_machine.h>
+#include <linux/should_fail.h>
#include <asm/tlbflush.h>
#include <asm/div64.h>
@@ -903,6 +904,22 @@ get_page_from_freelist(gfp_t gfp_mask, u
return page;
}
+#ifdef CONFIG_FAIL_PAGE_ALLOC
+
+static DEFINE_SHOULD_FAIL(fail_page_alloc_data);
+
+static int __init setup_fail_page_alloc(char *str)
+{
+ should_fail_srandom(jiffies);
+ return setup_should_fail(&fail_page_alloc_data, str);
+}
+__setup("fail_page_alloc=", setup_fail_page_alloc);
+
+struct should_fail_data *fail_page_alloc = &fail_page_alloc_data;
+EXPORT_SYMBOL_GPL(fail_page_alloc);
+
+#endif
+
/*
* This is the 'heart' of the zoned buddy allocator.
*/
@@ -921,6 +938,10 @@ __alloc_pages(gfp_t gfp_mask, unsigned i
might_sleep_if(wait);
+ if (!(gfp_mask & __GFP_NOFAIL) &&
+ should_fail(fail_page_alloc, 1 << order))
+ return NULL;
+
restart:
z = zonelist->zones; /* the list of zones suitable for gfp_mask */
Index: work-shouldfail/include/linux/should_fail.h
===================================================================
--- work-shouldfail.orig/include/linux/should_fail.h
+++ work-shouldfail/include/linux/should_fail.h
@@ -40,6 +40,10 @@ int should_fail(struct should_fail_data
extern struct should_fail_data *failslab;
#endif
+#ifdef CONFIG_FAIL_PAGE_ALLOC
+extern struct should_fail_data *fail_page_alloc;
+#endif
+
#else
#define should_fail(data, size) (0)
--
On Thursday 31 August 2006 12:07, Akinobu Mita wrote:
> This patch provides fault-injection capability for alloc_pages()
>
> boot option:
>
> fail_page_alloc=<probability>,<interval>,<times>,<space>
>
> <probability>
>
> specifies how often it should fail in percent.
>
> <interval>
>
> specifies the interval of failures.
>
> <times>
>
> specifies how many times failures may happen at most.
>
> <space>
>
> specifies the size of free space where memory can be allocated
> safely in pages.
>
> Example:
>
> fail_page_alloc=100,10,-1,0
>
> page allocation fails once per 10 times.
I still think this will need some better filters to be useful. At least
a optional uid filter perhaps (make sure to handle the interrupt case
correctly, interrupts don't belong to the uid) , and perhaps an option to only
fail GFP_ATOMIC.
With arbitary failing the system will just be unusable, right? Or would
you run some system you use this way? @)
Another possibility would be to look up __builtin_return_address(0) in
the module table and allow failing only for a specific module.
-andi
On Thu, Aug 31, 2006 at 12:25:02PM +0200, Andi Kleen wrote:
> I still think this will need some better filters to be useful. At least
> a optional uid filter perhaps (make sure to handle the interrupt case
> correctly, interrupts don't belong to the uid) , and perhaps an option to only
> fail GFP_ATOMIC.
I wrote process filter. Please patch 6/6. But I forgot to ignore
in_interrupt() case.
> With arbitary failing the system will just be unusable, right? Or would
> you run some system you use this way? @)
>
> Another possibility would be to look up __builtin_return_address(0) in
> the module table and allow failing only for a specific module.
That will be useful. Thanks.
On Thursday 31 August 2006 12:35, Akinobu Mita wrote:
> On Thu, Aug 31, 2006 at 12:25:02PM +0200, Andi Kleen wrote:
>
> > I still think this will need some better filters to be useful. At least
> > a optional uid filter perhaps (make sure to handle the interrupt case
> > correctly, interrupts don't belong to the uid) , and perhaps an option to only
> > fail GFP_ATOMIC.
>
> I wrote process filter.
Oops sorry. I overlooked that.
> Please patch 6/6. But I forgot to ignore
> in_interrupt() case.
Ok fine then.
>
> > With arbitary failing the system will just be unusable, right? Or would
> > you run some system you use this way? @)
> >
> > Another possibility would be to look up __builtin_return_address(0) in
> > the module table and allow failing only for a specific module.
>
> That will be useful. Thanks.
It might unfortunately need architecture specific code. But I guess a i386
only implementation as start would be useful enough.
-Andi