+
+static struct contents_saved *save_contents(const char *filename,
+ int fd, size_t count, off_t off,
+ const char *why)
+{
+ struct contents_saved *s = malloc(sizeof(*s) + count);
+ ssize_t ret;
+
+ s->off = off;
+
+ ret = pread(fd, s->contents, count, off);
+ if (ret < 0) {
+ fwarn("failtest_write: failed to save old contents!");
+ s->count = 0;
+ } else
+ s->count = ret;
+
+ /* Use lseek to get the size of file, but we have to restore
+ * file offset */
+ off = lseek(fd, 0, SEEK_CUR);
+ s->old_len = lseek(fd, 0, SEEK_END);
+ lseek(fd, off, SEEK_SET);
+
+ trace("Saving %p %s %zu@%llu after %s (filelength %llu) via fd %i\n",
+ s, filename, s->count, (long long)s->off, why,
+ (long long)s->old_len, fd);
+ return s;
+}
+
+static void restore_contents(struct failtest_call *opener,
+ struct contents_saved *s,
+ bool restore_offset,
+ const char *caller)
+{
+ int fd;
+
+ /* The top parent doesn't need to restore. */
+ if (control_fd == -1)
+ return;
+
+ /* Has the fd been closed? */
+ if (opener->u.open.closed) {
+ /* Reopen, replace fd, close silently as we clean up. */
+ fd = open(opener->u.open.pathname, O_RDWR);
+ if (fd < 0) {
+ fwarn("failtest: could not reopen %s to clean up %s!",
+ opener->u.open.pathname, caller);
+ return;
+ }
+ /* Make it clearly distinguisable from a "normal" fd. */
+ fd = move_fd_to_high(fd);
+ trace("Reopening %s to restore it (was fd %i, now %i)\n",
+ opener->u.open.pathname, opener->u.open.ret, fd);
+ opener->u.open.ret = fd;
+ opener->u.open.closed = false;
+ }
+ fd = opener->u.open.ret;
+
+ trace("Restoring %p %s %zu@%llu after %s (filelength %llu) via fd %i\n",
+ s, opener->u.open.pathname, s->count, (long long)s->off, caller,
+ (long long)s->old_len, fd);
+ if (pwrite(fd, s->contents, s->count, s->off) != s->count) {
+ fwarn("failtest: write failed cleaning up %s for %s!",
+ opener->u.open.pathname, caller);
+ }
+
+ if (ftruncate(fd, s->old_len) != 0) {
+ fwarn("failtest_write: truncate failed cleaning up %s for %s!",
+ opener->u.open.pathname, caller);
+ }
+
+ if (restore_offset) {
+ trace("Restoring offset of fd %i to %llu\n",
+ fd, (long long)s->off);
+ lseek(fd, s->off, SEEK_SET);
+ }
+}
+
+/* We save/restore most things on demand, but always do mmaped files. */
+static void save_mmapped_files(void)
+{
+ struct failtest_call *i;
+ trace("Saving mmapped files in child\n");
+
+ tlist_for_each_rev(&history, i, list) {
+ struct mmap_call *m = &i->u.mmap;
+ struct saved_mmapped_file *s;
+
+ if (i->type != FAILTEST_MMAP)
+ continue;
+
+ /* FIXME: We only handle mmapped files where fd is still open. */
+ if (m->opener->u.open.closed)
+ continue;
+
+ s = malloc(sizeof *s);
+ s->s = save_contents(m->opener->u.open.pathname,
+ m->fd, m->length, m->offset,
+ "mmapped file before fork");
+ s->opener = m->opener;
+ s->next = saved_mmapped_files;
+ saved_mmapped_files = s;
+ }
+}
+
+static void free_mmapped_files(bool restore)
+{
+ trace("%s mmapped files in child\n",
+ restore ? "Restoring" : "Discarding");
+ while (saved_mmapped_files) {
+ struct saved_mmapped_file *next = saved_mmapped_files->next;
+ if (restore)
+ restore_contents(saved_mmapped_files->opener,
+ saved_mmapped_files->s, false,
+ "saved mmap");
+ free(saved_mmapped_files->s);
+ free(saved_mmapped_files);
+ saved_mmapped_files = next;
+ }
+}
+
+/* Returns a FAILTEST_OPEN, FAILTEST_PIPE or NULL. */
+static struct failtest_call *opener_of(int fd)
+{
+ struct failtest_call *i;
+
+ /* Don't get confused and match genuinely failed opens. */
+ if (fd < 0)
+ return NULL;
+
+ /* Figure out the set of live fds. */
+ tlist_for_each_rev(&history, i, list) {
+ if (i->fail)
+ continue;
+ switch (i->type) {
+ case FAILTEST_CLOSE:
+ if (i->u.close.fd == fd) {
+ return NULL;
+ }
+ break;
+ case FAILTEST_OPEN:
+ if (i->u.open.ret == fd) {
+ if (i->u.open.closed)
+ return NULL;
+ return i;
+ }
+ break;
+ case FAILTEST_PIPE:
+ if (i->u.pipe.fds[0] == fd || i->u.pipe.fds[1] == fd) {
+ return i;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ /* FIXME: socket, dup, etc are untracked! */
+ return NULL;
+}
+
+static void free_call(struct failtest_call *call)
+{
+ /* We don't do this in cleanup: needed even for failed opens. */
+ if (call->type == FAILTEST_OPEN)
+ free((char *)call->u.open.pathname);
+ free(call->backtrace);
+ tlist_del_from(&history, call, list);
+ free(call);
+}
+
+/* Free up memory, so valgrind doesn't report leaks. */
+static void free_everything(void)
+{
+ struct failtest_call *i;
+
+ while ((i = tlist_top(&history, list)) != NULL)
+ free_call(i);
+
+ failtable_clear(&failtable);
+}
+
+static NORETURN void failtest_cleanup(bool forced_cleanup, int status)
+{
+ struct failtest_call *i;
+ bool restore = true;
+
+ /* For children, we don't care if they "failed" the testing. */
+ if (control_fd != -1)
+ status = 0;
+ else
+ /* We don't restore contents for original parent. */
+ restore = false;
+
+ /* Cleanup everything, in reverse order. */
+ tlist_for_each_rev(&history, i, list) {
+ /* Don't restore things our parent did. */
+ if (i == our_history_start)
+ restore = false;
+
+ if (i->fail)
+ continue;
+
+ if (i->cleanup)
+ i->cleanup(&i->u, restore);
+
+ /* But their program shouldn't leak, even on failure. */
+ if (!forced_cleanup && i->can_leak) {
+ char *p = failpath_string();
+ printf("Leak at %s:%u: --failpath=%s\n",
+ i->file, i->line, p);
+ free(p);
+ status = 1;
+ }
+ }
+
+ /* Put back mmaped files the way our parent (if any) expects. */
+ free_mmapped_files(true);
+
+ free_everything();
+ if (status == 0)
+ tell_parent(SUCCESS);
+ else
+ tell_parent(FAILURE);
+ exit(status);
+}
+
+static bool following_path(void)
+{
+ if (!failpath)
+ return false;
+ /* + means continue after end, like normal. */
+ if (*failpath == '+') {
+ failpath = NULL;
+ return false;
+ }
+ return true;
+}
+
+static bool follow_path(struct failtest_call *call)
+{
+ if (*failpath == '\0') {
+ /* Continue, but don't inject errors. */
+ return call->fail = false;
+ }
+
+ if (tolower((unsigned char)*failpath) != info_to_arg[call->type])
+ errx(1, "Failpath expected '%s' got '%c'\n",
+ failpath, info_to_arg[call->type]);
+ call->fail = cisupper(*(failpath++));
+ if (call->fail)
+ call->can_leak = false;
+ return call->fail;
+}
+