fault-inject: support systematic fault injection

Add /proc/self/task/<current-tid>/fail-nth file that allows failing 0-th, 1-st, 2-nd and so on calls systematically. Excerpt from the added documentation: "Write to this file of integer N makes N-th call in the current task fail (N is 0-based). Read from this file returns a single char 'Y' or 'N' that says if the fault setup with a previous write to this file was injected or not, and disables the fault if it wasn't yet injected. Note that this file enables all types of faults (slab, futex, etc). This setting takes precedence over all other generic settings like probability, interval, times, etc. But per-capability settings (e.g. fail_futex/ignore-private) take precedence over it. This feature is intended for systematic testing of faults in a single system call. See an example below" Why add a new setting: 1. Existing settings are global rather than per-task. So parallel testing is not possible. 2. attr->interval is close but it depends on attr->count which is non reset to 0, so interval does not work as expected. 3. Trying to model this with existing settings requires manipulations of all of probability, interval, times, space, task-filter and unexposed count and per-task make-it-fail files. 4. Existing settings are per-failure-type, and the set of failure types is potentially expanding. 5. make-it-fail can't be changed by unprivileged user and aggressive stress testing better be done from an unprivileged user. Similarly, this would require opening the debugfs files to the unprivileged user, as he would need to reopen at least times file (not possible to pre-open before dropping privs). The proposed interface solves all of the above (see the example). We want to integrate this into syzkaller fuzzer. A prototype has found 10 bugs in kernel in first day of usage: https://groups.google.com/forum/#!searchin/syzkaller/%22FAULT_INJECTION%22%7Csort:relevance I've made the current interface work with all types of our sandboxes. For setuid the secret sauce was prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) to make /proc entries non-root owned. So I am fine with the current version of the code. [akpm@linux-foundation.org: fix build] Link: http://lkml.kernel.org/r/20170328130128.101773-1-dvyukov@google.com Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Cc: Akinobu Mita <akinobu.mita@gmail.com> Cc: Michal Hocko <mhocko@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Dmitry Vyukov <dvyukov@google.com> 2017-07-12 17:34:35 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-07-12 19:26:01 -0400
commit: e41d58185f1444368873d4d7422f7664a68be61d (patch)
tree: 1d7dc405b33a4aead67da40d0caec446a3da900d /fs/proc
parent: 92ef6da3d06ff551a86de41ae37df9cc4b58d7a0 (diff)
1 files changed, 52 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index f1e1927ccd48..88b773f318cd 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1355,6 +1355,53 @@ static const struct file_operations proc_fault_inject_operations = {
        .write          = proc_fault_inject_write,
        .llseek         = generic_file_llseek,
 };
+static ssize_t proc_fail_nth_write(struct file *file, const char __user *buf,
+                                   size_t count, loff_t *ppos)
+{
+        struct task_struct *task;
+        int err, n;
+        task = get_proc_task(file_inode(file));
+        if (!task)
+                return -ESRCH;
+        put_task_struct(task);
+        if (task != current)
+                return -EPERM;
+        err = kstrtoint_from_user(buf, count, 10, &n);
+        if (err)
+                return err;
+        if (n < 0 || n == INT_MAX)
+                return -EINVAL;
+        current->fail_nth = n + 1;
+        return count;
+}
+static ssize_t proc_fail_nth_read(struct file *file, char __user *buf,
+                                  size_t count, loff_t *ppos)
+{
+        struct task_struct *task;
+        int err;
+        task = get_proc_task(file_inode(file));
+        if (!task)
+                return -ESRCH;
+        put_task_struct(task);
+        if (task != current)
+                return -EPERM;
+        if (count < 1)
+                return -EINVAL;
+        err = put_user((char)(current->fail_nth ? 'N' : 'Y'), buf);
+        if (err)
+                return err;
+        current->fail_nth = 0;
+        return 1;
+}
+static const struct file_operations proc_fail_nth_operations = {
+        .read           = proc_fail_nth_read,
+        .write          = proc_fail_nth_write,
+};
 #endif
@@ -3311,6 +3358,11 @@ static const struct pid_entry tid_base_stuff[] = {
 #endif
 #ifdef CONFIG_FAULT_INJECTION
        REG("make-it-fail", S_IRUGO|S_IWUSR, proc_fault_inject_operations),
+        /*
+         * Operations on the file check that the task is current,
+         * so we create it with 0666 to support testing under unprivileged user.
+         */
+        REG("fail-nth", 0666, proc_fail_nth_operations),
 #endif
 #ifdef CONFIG_TASK_IO_ACCOUNTING
        ONE("io",       S_IRUSR, proc_tid_io_accounting),
author	Dmitry Vyukov <dvyukov@google.com>	2017-07-12 17:34:35 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-07-12 19:26:01 -0400
commit	e41d58185f1444368873d4d7422f7664a68be61d (patch)
tree	1d7dc405b33a4aead67da40d0caec446a3da900d /fs/proc
parent	92ef6da3d06ff551a86de41ae37df9cc4b58d7a0 (diff)

diff --git a/fs/proc/base.c b/fs/proc/base.c index f1e1927ccd48..88b773f318cd 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c
@@ -1355,6 +1355,53 @@ static const struct file_operations proc_fault_inject_operations = {
1355	.write = proc_fault_inject_write,	1355	.write = proc_fault_inject_write,
1356	.llseek = generic_file_llseek,	1356	.llseek = generic_file_llseek,
1357	};	1357	};
		1358
		1359	static ssize_t proc_fail_nth_write(struct file file, const char __user buf,
		1360	size_t count, loff_t *ppos)
		1361	{
		1362	struct task_struct *task;
		1363	int err, n;
		1364
		1365	task = get_proc_task(file_inode(file));
		1366	if (!task)
		1367	return -ESRCH;
		1368	put_task_struct(task);
		1369	if (task != current)
		1370	return -EPERM;
		1371	err = kstrtoint_from_user(buf, count, 10, &n);
		1372	if (err)
		1373	return err;
		1374	if (n < 0 \|\| n == INT_MAX)
		1375	return -EINVAL;
		1376	current->fail_nth = n + 1;
		1377	return count;
		1378	}
		1379
		1380	static ssize_t proc_fail_nth_read(struct file file, char __user buf,
		1381	size_t count, loff_t *ppos)
		1382	{
		1383	struct task_struct *task;
		1384	int err;
		1385
		1386	task = get_proc_task(file_inode(file));
		1387	if (!task)
		1388	return -ESRCH;
		1389	put_task_struct(task);
		1390	if (task != current)
		1391	return -EPERM;
		1392	if (count < 1)
		1393	return -EINVAL;
		1394	err = put_user((char)(current->fail_nth ? 'N' : 'Y'), buf);
		1395	if (err)
		1396	return err;
		1397	current->fail_nth = 0;
		1398	return 1;
		1399	}
		1400
		1401	static const struct file_operations proc_fail_nth_operations = {
		1402	.read = proc_fail_nth_read,
		1403	.write = proc_fail_nth_write,
		1404	};
1358	#endif	1405	#endif
1359		1406
1360		1407
@@ -3311,6 +3358,11 @@ static const struct pid_entry tid_base_stuff[] = {
3311	#endif	3358	#endif
3312	#ifdef CONFIG_FAULT_INJECTION	3359	#ifdef CONFIG_FAULT_INJECTION
3313	REG("make-it-fail", S_IRUGO\|S_IWUSR, proc_fault_inject_operations),	3360	REG("make-it-fail", S_IRUGO\|S_IWUSR, proc_fault_inject_operations),
		3361	/*
		3362	* Operations on the file check that the task is current,
		3363	* so we create it with 0666 to support testing under unprivileged user.
		3364	*/
		3365	REG("fail-nth", 0666, proc_fail_nth_operations),
3314	#endif	3366	#endif
3315	#ifdef CONFIG_TASK_IO_ACCOUNTING	3367	#ifdef CONFIG_TASK_IO_ACCOUNTING
3316	ONE("io", S_IRUSR, proc_tid_io_accounting),	3368	ONE("io", S_IRUSR, proc_tid_io_accounting),