Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp459258rwe; Thu, 1 Sep 2022 02:25:40 -0700 (PDT) X-Google-Smtp-Source: AA6agR5qtXvNZWJtHob6zyBkNqwFtJh7myLHT2slu+JELVAMyGKvWXdoaWP2fIE0R/O0M1Ka1Q2l X-Received: by 2002:a17:90b:1c82:b0:1ee:eb41:b141 with SMTP id oo2-20020a17090b1c8200b001eeeb41b141mr7831620pjb.143.1662024340180; Thu, 01 Sep 2022 02:25:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662024340; cv=none; d=google.com; s=arc-20160816; b=Mzj0F+VAtHEShWfkkhvl1GxqR7Cu0aeWOhyxLsEXs/BQDCimtSSCQiGVJYQMGO8uIy RnStsmbRV7MV0sOjxJYawoCoPCdALIX6eyXdwFkc2tK9Kyz3w3IxG6W3lUWKyF9NQRBP G2oXVX5npaDZ8klumLuDd5ZL1jnszo+yKf7BQ5tbOcFrHJFqrNIqE5AIb5FGgSQD15BV Cx1hJWW4nU2IK5R182S23anPgaAc6X/ecnOkXPNuef5nXcvc4WjcLo1WQf7YEuBOw2U+ BEdhXzctXchOO+btk1Ff7cLKmnBSiKIFGfnwdl4O2t/r8qXTo0a4a2DBskD0cZDotOmh GmGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=VH72CkJdWHRYjuIFqG3YYZtTrJw2Fhi5jnFxkucPCHY=; b=E+uGBPxPzoGeGZx6RwZVkR5F6ZJfDDZYzttKThs8GNGcf08e0AhuFXu3Tqu7uLYvOE KKNPHY2xhE+3n8rJ8xSV8BW4WyPlDYFqRznKGHCLMMycqjuAhzR0AZSQ72lx7if//UiY ikLvePEEp2FuzQNQ525/b3wSfC3YeJNDUGJEyVhtUBrvJRbT8Qw3f/ZEKic2uQ9qzY4f Zp2+8/r010CNIE2353dkzS9c2Zu9pjBCXtNJgkeS5Ye/D+5C+Hb+cs8vWDmspxb7QN4b 40mOvW4W9DVe3Gp89EKTNIuZaKB2UdQIC0TFp1F8L335YGYiIVIjuB1oFAYcHwWmZfmX CPYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=q7AjWjhm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d1-20020a056a0024c100b005385736b007si9440100pfv.29.2022.09.01.02.25.28; Thu, 01 Sep 2022 02:25:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=q7AjWjhm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234239AbiIAInr (ORCPT + 99 others); Thu, 1 Sep 2022 04:43:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42972 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234264AbiIAIno (ORCPT ); Thu, 1 Sep 2022 04:43:44 -0400 Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD6CC1314DF for ; Thu, 1 Sep 2022 01:43:40 -0700 (PDT) Received: by mail-lj1-x22d.google.com with SMTP id bx38so17111865ljb.10 for ; Thu, 01 Sep 2022 01:43:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=VH72CkJdWHRYjuIFqG3YYZtTrJw2Fhi5jnFxkucPCHY=; b=q7AjWjhmnd64a4Ge80aSMXzM40DYISK3cXmW/EibDBVwJ+8k/kXbGydZOb9luK+PIZ Ht/KjsMCWD5TF/twQCHm6itfvd6g64oIsvl5c5eKge4E9VhNnF7iOxqToHuyozIfoFb1 5I88bd1UfHObAquK0acXH+XbI6Py13HNPo09dD+NGiTxpVgIr43RQcU5305AlaqKPpll qwKybw5Q2+9d/Onlv8u1vDEdJlLQ1JUMSCRevC4eAiHePyL2wzZzh3KSvr/OLrTmD05T eLyu3SeubEOLjLKn16wG4v4TsahkBmU2CrHwp0/PiiByarcOmjtEcsv6KWve7EKHFu99 DiuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=VH72CkJdWHRYjuIFqG3YYZtTrJw2Fhi5jnFxkucPCHY=; b=x9xAusBSK5aamqpSFVkwycM7IXmIBrqDHu5A3vPplHWlMe9jR+ZWZ3YoQsw6cDAU8c 2cHGXFDSGc2+QO8A3lCHcUbfSTpmr8F7cEUzsew/Be38U1BsfTTuauGBTzxEbHddOx8n QpnfDeRt5Xqa7jU34lOSuO2dcJqkAt+PQpMFmx8GE5og3Gj7ZShuicK6lWi9qazlP0b1 Udxt2703YqdsFAaC80sAsJdxdH8KXtWaz9NxUAxO7NwZ/9cXKzBBpbvpVNSktgnRxcy/ iZF2cDhvDfdjzmL/9aWGEAiEMrlS/xVEBhrCWmSZ2aQEFkinufOdmojPn0FPuzmnFomf RVyw== X-Gm-Message-State: ACgBeo2Q3AuMv7ohQ5fJQdrQo9LBVf0eMqxfAdFwmdKCMIsSfG/xLUVz fOFz8MmDKskyyPNzK9HZuj+J/CQbT3R+2nAof6Qj/g== X-Received: by 2002:a2e:be88:0:b0:25f:e9a8:44b8 with SMTP id a8-20020a2ebe88000000b0025fe9a844b8mr8851946ljr.92.1662021818766; Thu, 01 Sep 2022 01:43:38 -0700 (PDT) MIME-Version: 1.0 References: <20220830214919.53220-1-surenb@google.com> <20220830214919.53220-23-surenb@google.com> <20220831173010.wc5j3ycmfjx6ezfu@moria.home.lan> In-Reply-To: <20220831173010.wc5j3ycmfjx6ezfu@moria.home.lan> From: Dmitry Vyukov Date: Thu, 1 Sep 2022 10:43:26 +0200 Message-ID: Subject: Re: [RFC PATCH 22/30] Code tagging based fault injection To: Kent Overstreet Cc: Suren Baghdasaryan , akpm@linux-foundation.org, mhocko@suse.com, vbabka@suse.cz, hannes@cmpxchg.org, roman.gushchin@linux.dev, mgorman@suse.de, dave@stgolabs.net, willy@infradead.org, liam.howlett@oracle.com, void@manifault.com, peterz@infradead.org, juri.lelli@redhat.com, ldufour@linux.ibm.com, peterx@redhat.com, david@redhat.com, axboe@kernel.dk, mcgrof@kernel.org, masahiroy@kernel.org, nathan@kernel.org, changbin.du@intel.com, ytcoode@gmail.com, vincent.guittot@linaro.org, dietmar.eggemann@arm.com, rostedt@goodmis.org, bsegall@google.com, bristot@redhat.com, vschneid@redhat.com, cl@linux.com, penberg@kernel.org, iamjoonsoo.kim@lge.com, 42.hyeyoo@gmail.com, glider@google.com, elver@google.com, shakeelb@google.com, songmuchun@bytedance.com, arnd@arndb.de, jbaron@akamai.com, rientjes@google.com, minchan@google.com, kaleshsingh@google.com, kernel-team@android.com, linux-mm@kvack.org, iommu@lists.linux.dev, kasan-dev@googlegroups.com, io-uring@vger.kernel.org, linux-arch@vger.kernel.org, xen-devel@lists.xenproject.org, linux-bcache@vger.kernel.org, linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 31 Aug 2022 at 19:30, Kent Overstreet wrote: > > > From: Kent Overstreet > > > > > > This adds a new fault injection capability, based on code tagging. > > > > > > To use, simply insert somewhere in your code > > > > > > dynamic_fault("fault_class_name") > > > > > > and check whether it returns true - if so, inject the error. > > > For example > > > > > > if (dynamic_fault("init")) > > > return -EINVAL; > > > > Hi Suren, > > > > If this is going to be used by mainline kernel, it would be good to > > integrate this with fail_nth systematic fault injection: > > https://elixir.bootlin.com/linux/latest/source/lib/fault-inject.c#L109 > > > > Otherwise these dynamic sites won't be tested by testing systems doing > > systematic fault injection testing. > > That's a discussion we need to have, yeah. We don't want two distinct fault > injection frameworks, we'll have to have a discussion as to whether this is (or > can be) better enough to make a switch worthwhile, and whether a compatibility > interface is needed - or maybe there's enough distinct interesting bits in both > to make merging plausible? > > The debugfs interface for this fault injection code is necessarily different > from our existing fault injection - this gives you a fault injection point _per > callsite_, which is huge - e.g. for filesystem testing what I need is to be able > to enable fault injection points within a given module. I can do that easily > with this, not with our current fault injection. > > I think the per-callsite fault injection points would also be pretty valuable > for CONFIG_FAULT_INJECTION_USERCOPY, too. > > OTOH, existing kernel fault injection can filter based on task - this fault > injection framework doesn't have that. Easy enough to add, though. Similar for > the interval/probability/ratelimit stuff. > > fail_function is the odd one out, I'm not sure how that would fit into this > model. Everything else I've seen I think fits into this model. > > Also, it sounds like you're more familiar with our existing fault injection than > I am, so if I've misunderstood anything about what it can do please do correct > me. What you are saying makes sense. But I can't say if we want to do a global switch or not. I don't know how many existing users there are (by users I mean automated testing b/c humans can switch for one-off manual testing). However, fail_nth that I mentioned is orthogonal to this. It's a different mechanism to select the fault site that needs to be failed (similar to what you mentioned as "interval/probability/ratelimit stuff"). fail_nth allows to fail the specified n-th call site in the specified task. And that's the only mechanism we use in syzkaller/syzbot. And I think it can be supported relatively easily (copy a few lines to the "does this site needs to fail" check). I don't know how exactly you want to use this new mechanism, but I found fail_nth much better than any of the existing selection mechanisms, including what this will add for specific site failing. fail_nth allows to fail every site in a given test/syscall one-by-one systematically. E.g. we can even have strace-like utility that repeats the given test failing all sites in to systematically: $ fail_all ./a_unit_test This can be integrated into any CI system, e.g. running all LTP tests with this. For file:line-based selection, first, we need to get these file:line from somewhere; second, lines are changing over time so can't be hardcoded in tests; third, it still needs to be per-task, since unrelated processes can execute the same code. One downside of fail_nth, though, is that it does not cover background threads/async work. But we found that there are so many untested synchronous error paths, that moving to background threads is not necessary at this point. > Interestingly: I just discovered from reading the code that > CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is a thing (hadn't before because it > depends on !X86_64 - what?). That's cool, though.