Re: [PATCH] fault-inject: rust: add a Rust API for fault-injection

[Andreas Hindborg <a.hindborg@kernel.org>]

"Gary Guo" <gary@garyguo.net> writes:

> On Sun Feb 15, 2026 at 9:30 PM GMT, Andreas Hindborg wrote:
>> Add a way for Rust code to create fault-injection control points. The
>> control points can be attached to a configfs tree as default groups and
>> controlled from user space. On the kernel side, provide a `should_fail`
>> method to query if an operation should fail.
>>
>> Cc: Akinobu Mita <akinobu.mita@gmail.com>
>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>> ---
>> This patch is a dependency for the rust null block driver fault
>> injection feature.
>> ---
>>  rust/bindings/bindings_helper.h |  1 +
>>  rust/kernel/fault_injection.rs  | 88 +++++++++++++++++++++++++++++++++++++++++
>>  rust/kernel/lib.rs              |  2 +
>>  3 files changed, 91 insertions(+)
>>
>> diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
>> index a067038b4b422..87cbaf69d330e 100644
>> --- a/rust/bindings/bindings_helper.h
>> +++ b/rust/bindings/bindings_helper.h
>> @@ -54,6 +54,7 @@
>>  #include <linux/errname.h>
>>  #include <linux/ethtool.h>
>>  #include <linux/fdtable.h>
>> +#include <linux/fault-inject.h>
>>  #include <linux/file.h>
>>  #include <linux/firmware.h>
>>  #include <linux/interrupt.h>
>> diff --git a/rust/kernel/fault_injection.rs b/rust/kernel/fault_injection.rs
>> new file mode 100644
>> index 0000000000000..e9afa3ca6cf31
>> --- /dev/null
>> +++ b/rust/kernel/fault_injection.rs
>> @@ -0,0 +1,88 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +
>> +//! Fault injection capabilities infrastructure.
>> +//!
>> +//! This module provides a Rust API for the kernel fault injection framework.
>> +//! Fault injection allows simulation of failures in kernel code paths to test
>> +//! error handling.
>> +//!
>> +//! [`FaultConfig`] represents a fault injection control point that can be:
>> +//!
>> +//! - Attached to a configfs tree as a default group, allowing userspace control
>> +//!   of fault injection parameters.
>> +//! - Queried via [`FaultConfig::should_fail`] to determine if an operation
>> +//!   should be simulated as failing.
>> +//!
>> +//! Please see the [fault injection documentation] for details on configuring
>> +//! and using fault injection from userspace.
>> +//!
>> +//! C header: [`include/linux/fault-inject.h`](srctree/include/linux/fault-inject.h)
>> +//!
>> +//! [fault injection documentation]: srctree/Documentation/fault-injection/fault-injection.rst
>> +
>> +use crate::{prelude::*, types::Opaque};
>> +
>> +/// A fault injection control point.
>> +///
>> +/// This type wraps a `struct fault_config` from the C fault injection
>> +/// framework. It provides a way to create controllable fault injection points
>> +/// that can be configured via configfs.
>> +///
>> +/// When attached to a configfs subsystem as a default group, userspace can
>> +/// configure fault injection parameters through the configfs interface. The
>> +/// kernel code can then query [`FaultConfig::should_fail`] to determine
>> +/// whether to simulate a failure.
>> +///
>> +/// # Invariants
>> +///
>> +/// - `self.inner` is always a valid `struct fault_config`.
>> +#[pin_data]
>> +pub struct FaultConfig {
>> +    #[pin]
>> +    inner: Opaque<bindings::fault_config>,
>> +}
>> +
>> +impl FaultConfig {
>> +    /// Create a new [`FaultConfig`].
>> +    ///
>> +    /// If attached to a configfs group, this [`FaultConfig`] will appear as a directory named
>> +    /// `name`.
>> +    pub fn new(name: &CStr) -> impl PinInit<Self> + use<'_> {
>> +        pin_init!(Self {
>> +            // INVARIANT: `self.inner` is initialized in ffi_init.
>> +            inner <- Opaque::zeroed().chain(|inner| {
>> +                let ptr = inner.get();
>> +                // SAFETY: `ptr` points to a zeroed allocation and the second argument is null
>> +                // terminated string.
>> +                unsafe { bindings::fault_config_init( ptr, name.as_ptr().cast()) };
>> +                Ok(())
>> +            }),
>> +        })
>> +    }
>> +}
>> +
>> +impl kernel::configfs::CDefaultGroup for FaultConfig {
>> +    fn group_ptr(&self) -> *mut bindings::config_group {
>> +        // SAFETY: By type invariant, `self.inner` is valid.
>> +        unsafe { &raw mut (*self.inner.get()).group }
>> +    }
>> +}
>> +
>> +impl FaultConfig {
>> +    /// Query for failure.
>> +    ///
>> +    /// Returns true if the operation should fail.
>
> #[inline]

Ok.

>
>> +    pub fn should_fail(&self, size: isize) -> bool {
>
> What is the meaning of a negative `size` here?
>
> I did a quick grep on the C codebase and cannot find a case where negative
> number is used here. It is either number of bytes for allocations, or `1` for
> when injecting based on number of operations performed.

It looks like you can increase the resource amount before failures
happen by passing a negative number:

		atomic_sub(size, &attr->space);

>
> I think it's also worth explaining about the meaning of size here a bit more in
> the doc comments.

I'll add some docs and link to Documentation/fault-injection.


Best regards,
Andreas Hindborg