Date: Wed, 25 Apr 2018 16:02:35 -0400 (EDT)
From: Mikulas Patocka <mpatocka@redhat.com>
To: Michal Hocko
Cc: Matthew Wilcox, David Miller, Andrew Morton, linux-mm@kvack.org,
    eric.dumazet@gmail.com, edumazet@google.com, netdev@vger.kernel.org,
    linux-kernel@vger.kernel.org, mst@redhat.com, jasowang@redhat.com,
    virtualization@lists.linux-foundation.org, dm-devel@redhat.com,
    Vlastimil Babka
Subject: [PATCH v4] fault-injection: introduce kvmalloc fallback options
In-Reply-To: <20180424173836.GR17484@dhcp22.suse.cz>
References: <20180421144757.GC14610@bombadil.infradead.org>
    <20180423151545.GU17484@dhcp22.suse.cz>
    <20180424125121.GA17484@dhcp22.suse.cz>
    <20180424162906.GM17484@dhcp22.suse.cz>
    <20180424170349.GQ17484@dhcp22.suse.cz>
    <20180424173836.GR17484@dhcp22.suse.cz>

On Tue, 24 Apr 2018, Michal Hocko wrote:

> > > Wouldn't it be equally trivial to simply enable the fault injection? You
> > > would get additional failure paths testing as a bonus.
> >
> > The RHEL and Fedora debugging kernels are compiled with fault injection.
> > But the fault-injection framework will do nothing unless it is enabled by
> > a kernel parameter or debugfs write.
> >
> > Most users don't know about the fault injection kernel parameters or
> > debugfs files and won't enable it. We need a CONFIG_ option to enable it
> > by default in the debugging kernels (and we could add a kernel parameter
> > to override the default, fine-tune the fallback probability etc.)
>
> If it is a real issue to install the debugging kernel with the required
> kernel parameter then I a config option for the default on makes sense
> to me.

Yes - the debug kernels use the same default kernel parameters as
non-debug kernels and it is expected that all debug features are enabled
by default.

Here I'm sending the patch using the fault-injection framework and the new
option CONFIG_FAIL_KVMALLOC_FALLBACK_PROBABILITY.

Mikulas



From: Mikulas Patocka <mpatocka@redhat.com>
Subject: [PATCH v4] fault-injection: introduce kvmalloc fallback options

This patch introduces a fault-injection option "kvmalloc_fallback". This
option makes kvmalloc randomly fall back to vmalloc.

Unfortunately, some kernel code has bugs - it uses kvmalloc and then
uses DMA-API on the returned memory or frees it with kfree. Such bugs were
found in the virtio-net driver, dm-integrity or RHEL7 powerpc-specific
code. This option helps to test for these bugs.

The patch introduces a config option FAIL_KVMALLOC_FALLBACK_PROBABILITY.
It can be enabled in distribution debug kernels, so that kvmalloc abuse
can be tested by the users. The default can be overridden with the
"kvmalloc_fallback" parameter or in /sys/kernel/debug/kvmalloc_fallback/.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>

---
 Documentation/fault-injection/fault-injection.txt |    7 +++++
 include/linux/fault-inject.h                      |    9 +++---
 kernel/futex.c                                    |    2 -
 lib/Kconfig.debug                                 |   15 +++++++++++
 mm/failslab.c                                     |    2 -
 mm/page_alloc.c                                   |    2 -
 mm/util.c                                         |   30 ++++++++++++++++++++++
 7 files changed, 60 insertions(+), 7 deletions(-)

Index: linux-2.6/Documentation/fault-injection/fault-injection.txt
===================================================================
--- linux-2.6.orig/Documentation/fault-injection/fault-injection.txt	2018-04-16 21:08:34.000000000 +0200
+++ linux-2.6/Documentation/fault-injection/fault-injection.txt	2018-04-25 21:36:36.000000000 +0200
@@ -15,6 +15,12 @@ o fail_page_alloc
 
   injects page allocation failures. (alloc_pages(), get_free_pages(), ...)
 
+o kvmalloc_fallback
+
+  makes the function kvmalloc randomly fall back to vmalloc. This could be used
+  to detect bugs such as using DMA-API on the result of kvmalloc or freeing
+  the result of kvmalloc with kfree.
+
 o fail_futex
 
   injects futex deadlock and uaddr fault errors.
@@ -167,6 +173,7 @@ use the boot option:
 
 	failslab=
 	fail_page_alloc=
+	kvmalloc_fallback=
 	fail_make_request=
 	fail_futex=
 	mmc_core.fail_request=<interval>,<probability>,<space>,<times>
Index: linux-2.6/include/linux/fault-inject.h
===================================================================
--- linux-2.6.orig/include/linux/fault-inject.h	2018-04-16 21:08:36.000000000 +0200
+++ linux-2.6/include/linux/fault-inject.h	2018-04-25 21:38:22.000000000 +0200
@@ -31,17 +31,18 @@ struct fault_attr {
 	struct dentry *dname;
 };
 
-#define FAULT_ATTR_INITIALIZER {					\
+#define FAULT_ATTR_INITIALIZER(p) {					\
+		.probability = (p),					\
 		.interval = 1,						\
-		.times = ATOMIC_INIT(1),				\
+		.times = ATOMIC_INIT((p) ? -1 : 1),			\
+		.verbose = (p) ? 0 : 2,					\
 		.require_end = ULONG_MAX,				\
 		.stacktrace_depth = 32,					\
 		.ratelimit_state = RATELIMIT_STATE_INIT_DISABLED,	\
-		.verbose = 2,						\
 		.dname = NULL,						\
 	}
 
-#define DECLARE_FAULT_ATTR(name) struct fault_attr name = FAULT_ATTR_INITIALIZER
+#define DECLARE_FAULT_ATTR(name) struct fault_attr name = FAULT_ATTR_INITIALIZER(0)
 int setup_fault_attr(struct fault_attr *attr, char *str);
 bool should_fail(struct fault_attr *attr, ssize_t size);
 
Index: linux-2.6/lib/Kconfig.debug
===================================================================
--- linux-2.6.orig/lib/Kconfig.debug	2018-04-25 15:56:16.000000000 +0200
+++ linux-2.6/lib/Kconfig.debug	2018-04-25 21:39:45.000000000 +0200
@@ -1527,6 +1527,21 @@ config FAIL_PAGE_ALLOC
 	help
 	  Provide fault-injection capability for alloc_pages().
 
+config FAIL_KVMALLOC_FALLBACK_PROBABILITY
+	int "Default kvmalloc fallback probability"
+	depends on FAULT_INJECTION
+	range 0 100
+	default "0"
+	help
+	  This option will make kvmalloc randomly fall back to vmalloc.
+	  Normally, kvmalloc falls back to vmalloc only rarely, if memory
+	  is fragmented.
+
+	  This option helps to detect hard-to-reproduce driver bugs, for
+	  example using DMA API on the result of kvmalloc.
+
+	  The default may be overridden with the kvmalloc_fallback parameter.
+
 config FAIL_MAKE_REQUEST
 	bool "Fault-injection capability for disk IO"
 	depends on FAULT_INJECTION && BLOCK
Index: linux-2.6/mm/util.c
===================================================================
--- linux-2.6.orig/mm/util.c	2018-04-25 15:48:39.000000000 +0200
+++ linux-2.6/mm/util.c	2018-04-25 21:43:31.000000000 +0200
@@ -14,6 +14,7 @@
 #include <linux/hugetlb.h>
 #include <linux/vmalloc.h>
 #include <linux/userfaultfd_k.h>
+#include <linux/fault-inject.h>
 
 #include <asm/sections.h>
 #include <linux/uaccess.h>
@@ -377,6 +378,29 @@ unsigned long vm_mmap(struct file *file,
 }
 EXPORT_SYMBOL(vm_mmap);
 
+#ifdef CONFIG_FAULT_INJECTION
+
+static struct fault_attr kvmalloc_fallback =
+	FAULT_ATTR_INITIALIZER(CONFIG_FAIL_KVMALLOC_FALLBACK_PROBABILITY);
+
+static int __init setup_kvmalloc_fallback(char *str)
+{
+	return setup_fault_attr(&kvmalloc_fallback, str);
+}
+
+__setup("kvmalloc_fallback=", setup_kvmalloc_fallback);
+
+#ifdef CONFIG_FAULT_INJECTION_DEBUG_FS
+static int __init kvmalloc_fallback_debugfs_init(void)
+{
+	fault_create_debugfs_attr("kvmalloc_fallback", NULL, &kvmalloc_fallback);
+	return 0;
+}
+late_initcall(kvmalloc_fallback_debugfs_init);
+#endif
+
+#endif
+
 /**
  * kvmalloc_node - attempt to allocate physically contiguous memory, but upon
  * failure, fall back to non-contiguous (vmalloc) allocation.
@@ -404,6 +428,11 @@ void *kvmalloc_node(size_t size, gfp_t f
 	 */
 	WARN_ON_ONCE((flags & GFP_KERNEL) != GFP_KERNEL);
 
+#ifdef CONFIG_FAULT_INJECTION
+	if (should_fail(&kvmalloc_fallback, size))
+		goto do_vmalloc;
+#endif
+
 	/*
 	 * We want to attempt a large physically contiguous block first because
 	 * it is less likely to fragment multiple larger blocks and therefore
@@ -427,6 +456,7 @@ void *kvmalloc_node(size_t size, gfp_t f
 	if (ret || size <= PAGE_SIZE)
 		return ret;
 
+do_vmalloc: __maybe_unused
 	return __vmalloc_node_flags_caller(size, node, flags,
 			__builtin_return_address(0));
 }
Index: linux-2.6/kernel/futex.c
===================================================================
--- linux-2.6.orig/kernel/futex.c	2018-02-14 20:24:42.000000000 +0100
+++ linux-2.6/kernel/futex.c	2018-04-25 21:11:33.000000000 +0200
@@ -288,7 +288,7 @@ static struct {
 
 	bool ignore_private;
 } fail_futex = {
-	.attr = FAULT_ATTR_INITIALIZER,
+	.attr = FAULT_ATTR_INITIALIZER(0),
 	.ignore_private = false,
 };
 
Index: linux-2.6/mm/failslab.c
===================================================================
--- linux-2.6.orig/mm/failslab.c	2018-04-16 21:08:36.000000000 +0200
+++ linux-2.6/mm/failslab.c	2018-04-25 21:11:40.000000000 +0200
@@ -9,7 +9,7 @@ static struct {
 	bool ignore_gfp_reclaim;
 	bool cache_filter;
 } failslab = {
-	.attr = FAULT_ATTR_INITIALIZER,
+	.attr = FAULT_ATTR_INITIALIZER(0),
 	.ignore_gfp_reclaim = true,
 	.cache_filter = false,
 };
Index: linux-2.6/mm/page_alloc.c
===================================================================
--- linux-2.6.orig/mm/page_alloc.c	2018-04-16 21:08:36.000000000 +0200
+++ linux-2.6/mm/page_alloc.c	2018-04-25 21:11:47.000000000 +0200
@@ -3055,7 +3055,7 @@ static struct {
 	bool ignore_gfp_reclaim;
 	u32 min_order;
 } fail_page_alloc = {
-	.attr = FAULT_ATTR_INITIALIZER,
+	.attr = FAULT_ATTR_INITIALIZER(0),
 	.ignore_gfp_reclaim = true,
 	.ignore_gfp_highmem = true,
 	.min_order = 1,
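
For readers who want to follow the control flow without building a kernel,
here is a minimal userspace sketch of what the patch is meant to do. It is
not kernel code: struct fault_model, FAULT_MODEL_INIT, model_should_fail and
model_kvmalloc_path are hypothetical names made up for illustration, the
random number is passed in as an argument so the behaviour is deterministic,
and only the "probability" and "times" checks are modelled (interval, space,
task filtering and the debugfs knobs are left out). It also assumes the
request is larger than PAGE_SIZE, so that a vmalloc fallback is permitted.

```c
#include <assert.h>
#include <stdbool.h>

/* Hypothetical userspace model; NOT the kernel's struct fault_attr. */
struct fault_model {
	unsigned int probability;	/* percent, 0..100 */
	int times;			/* -1 = unlimited, 0 = exhausted */
};

/*
 * Modelled on the patched FAULT_ATTR_INITIALIZER(p): a nonzero default
 * probability leaves the attribute armed with no limit on injections.
 */
#define FAULT_MODEL_INIT(p) { .probability = (p), .times = (p) ? -1 : 1 }

/*
 * Decide whether to inject a fault. 'rnd' stands in for the kernel's
 * random source (an assumption made to keep the sketch testable).
 */
static bool model_should_fail(struct fault_model *attr, unsigned int rnd)
{
	assert(attr->probability <= 100);	/* same range as the Kconfig entry */

	if (attr->times == 0)
		return false;
	if (attr->probability <= rnd % 100)
		return false;
	if (attr->times != -1)
		attr->times--;
	return true;
}

enum alloc_path { PATH_KMALLOC, PATH_VMALLOC };

/*
 * Model of the kvmalloc_node() decision for a request larger than
 * PAGE_SIZE: an injected fault skips the kmalloc attempt entirely.
 */
static enum alloc_path model_kvmalloc_path(struct fault_model *attr,
					   unsigned int rnd, bool kmalloc_ok)
{
	if (model_should_fail(attr, rnd))
		return PATH_VMALLOC;	/* the patch's "goto do_vmalloc" */
	return kmalloc_ok ? PATH_KMALLOC : PATH_VMALLOC;
}
```

With a default of 0 the model never forces the vmalloc path, which matches
the intent that non-debug kernels are unaffected. With a nonzero default the
fallback is taken with roughly that percentage, even when kmalloc would have
succeeded.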