From: "Gary Guo" <gary@garyguo.net>
To: "Andreas Hindborg" <a.hindborg@kernel.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>
Cc: <linux-kernel@vger.kernel.org>, <rust-for-linux@vger.kernel.org>,
"Akinobu Mita" <akinobu.mita@gmail.com>
Subject: Re: [PATCH] fault-inject: rust: add a Rust API for fault-injection
Date: Fri, 27 Feb 2026 14:32:13 +0000 [thread overview]
Message-ID: <DGPTFSM1EK7V.1VEG57EE9DT6K@garyguo.net> (raw)
In-Reply-To: <20260215-rust-fault-inject-v1-1-6ec459cb5ccb@kernel.org>
On Sun Feb 15, 2026 at 9:30 PM GMT, Andreas Hindborg wrote:
> Add a way for Rust code to create fault-injection control points. The
> control points can be attached to a configfs tree as default groups and
> controlled from user space. On the kernel side, provide a `should_fail`
> method to query if an operation should fail.
>
> Cc: Akinobu Mita <akinobu.mita@gmail.com>
> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
> ---
> This patch is a dependency for the rust null block driver fault
> injection feature.
> ---
> rust/bindings/bindings_helper.h | 1 +
> rust/kernel/fault_injection.rs | 88 +++++++++++++++++++++++++++++++++++++++++
> rust/kernel/lib.rs | 2 +
> 3 files changed, 91 insertions(+)
>
> diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
> index a067038b4b422..87cbaf69d330e 100644
> --- a/rust/bindings/bindings_helper.h
> +++ b/rust/bindings/bindings_helper.h
> @@ -54,6 +54,7 @@
> #include <linux/errname.h>
> #include <linux/ethtool.h>
> #include <linux/fdtable.h>
> +#include <linux/fault-inject.h>
> #include <linux/file.h>
> #include <linux/firmware.h>
> #include <linux/interrupt.h>
> diff --git a/rust/kernel/fault_injection.rs b/rust/kernel/fault_injection.rs
> new file mode 100644
> index 0000000000000..e9afa3ca6cf31
> --- /dev/null
> +++ b/rust/kernel/fault_injection.rs
> @@ -0,0 +1,88 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +//! Fault injection capabilities infrastructure.
> +//!
> +//! This module provides a Rust API for the kernel fault injection framework.
> +//! Fault injection allows simulation of failures in kernel code paths to test
> +//! error handling.
> +//!
> +//! [`FaultConfig`] represents a fault injection control point that can be:
> +//!
> +//! - Attached to a configfs tree as a default group, allowing userspace control
> +//! of fault injection parameters.
> +//! - Queried via [`FaultConfig::should_fail`] to determine if an operation
> +//! should be simulated as failing.
> +//!
> +//! Please see the [fault injection documentation] for details on configuring
> +//! and using fault injection from userspace.
> +//!
> +//! C header: [`include/linux/fault-inject.h`](srctree/include/linux/fault-inject.h)
> +//!
> +//! [fault injection documentation]: srctree/Documentation/fault-injection/fault-injection.rst
> +
> +use crate::{prelude::*, types::Opaque};
> +
> +/// A fault injection control point.
> +///
> +/// This type wraps a `struct fault_config` from the C fault injection
> +/// framework. It provides a way to create controllable fault injection points
> +/// that can be configured via configfs.
> +///
> +/// When attached to a configfs subsystem as a default group, userspace can
> +/// configure fault injection parameters through the configfs interface. The
> +/// kernel code can then query [`FaultConfig::should_fail`] to determine
> +/// whether to simulate a failure.
> +///
> +/// # Invariants
> +///
> +/// - `self.inner` is always a valid `struct fault_config`.
> +#[pin_data]
> +pub struct FaultConfig {
> + #[pin]
> + inner: Opaque<bindings::fault_config>,
> +}
> +
> +impl FaultConfig {
> + /// Create a new [`FaultConfig`].
> + ///
> + /// If attached to a configfs group, this [`FaultConfig`] will appear as a directory named
> + /// `name`.
> + pub fn new(name: &CStr) -> impl PinInit<Self> + use<'_> {
> + pin_init!(Self {
> + // INVARIANT: `self.inner` is initialized in ffi_init.
> + inner <- Opaque::zeroed().chain(|inner| {
> + let ptr = inner.get();
> + // SAFETY: `ptr` points to a zeroed allocation and the second argument is null
> + // terminated string.
> + unsafe { bindings::fault_config_init( ptr, name.as_ptr().cast()) };
> + Ok(())
> + }),
> + })
> + }
> +}
> +
> +impl kernel::configfs::CDefaultGroup for FaultConfig {
> + fn group_ptr(&self) -> *mut bindings::config_group {
> + // SAFETY: By type invariant, `self.inner` is valid.
> + unsafe { &raw mut (*self.inner.get()).group }
> + }
> +}
> +
> +impl FaultConfig {
> + /// Query for failure.
> + ///
> + /// Returns true if the operation should fail.
#[inline]
> + pub fn should_fail(&self, size: isize) -> bool {
What is the meaning of a negative `size` here?
I did a quick grep on the C codebase and cannot find a case where negative
number is used here. It is either number of bytes for allocations, or `1` for
when injecting based on number of operations performed.
I think it's also worth explaining about the meaning of size here a bit more in
the doc comments.
Best,
Gary
> + // SAFETY: By type invariant, self is always valid.
> + let attr = unsafe { &raw const (*self.inner.get()).attr };
> +
> + // SAFETY: By type invariant, self is always valid.
> + unsafe { bindings::should_fail(attr.cast_mut(), size) }
> + }
> +}
> +
> +// SAFETY: FaultConfig can be used from any task.
> +unsafe impl Send for FaultConfig {}
> +
> +// SAFETY: FaultConfig applies internal synchronization.
> +unsafe impl Sync for FaultConfig {}
> diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
> index f812cf1200428..1b8f1a216a268 100644
> --- a/rust/kernel/lib.rs
> +++ b/rust/kernel/lib.rs
> @@ -92,6 +92,8 @@
> #[cfg(CONFIG_DRM = "y")]
> pub mod drm;
> pub mod error;
> +#[cfg(all(CONFIG_FAULT_INJECTION, CONFIG_FAULT_INJECTION_CONFIGFS))]
> +pub mod fault_injection;
> pub mod faux;
> #[cfg(CONFIG_RUST_FW_LOADER_ABSTRACTIONS)]
> pub mod firmware;
>
> ---
> base-commit: e9ec05addd1a067fc7cb218f20ecdc1b1b0898c0
> change-id: 20260215-rust-fault-inject-bc62f1083502
> prerequisite-change-id: 20260215-configfs-c-default-groups-bdb0a44633a6:v1
> prerequisite-patch-id: 5c82dc0deb0768531d2cdb24ac5e92857c9e76a7
>
> Best regards,
next prev parent reply other threads:[~2026-02-27 14:32 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-15 21:30 [PATCH] fault-inject: rust: add a Rust API for fault-injection Andreas Hindborg
2026-02-27 14:32 ` Gary Guo [this message]
2026-05-13 15:13 ` Andreas Hindborg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DGPTFSM1EK7V.1VEG57EE9DT6K@garyguo.net \
--to=gary@garyguo.net \
--cc=a.hindborg@kernel.org \
--cc=akinobu.mita@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox