failtest: save and restore file state inside child (on-demand)
[ccan] / ccan / failtest / failtest.c
1 /* Licensed under LGPL - see LICENSE file for details */
2 #include <ccan/failtest/failtest.h>
3 #include <stdarg.h>
4 #include <string.h>
5 #include <stdio.h>
6 #include <stdarg.h>
7 #include <ctype.h>
8 #include <err.h>
9 #include <unistd.h>
10 #include <poll.h>
11 #include <errno.h>
12 #include <sys/types.h>
13 #include <sys/wait.h>
14 #include <sys/stat.h>
15 #include <sys/time.h>
16 #include <sys/mman.h>
17 #include <signal.h>
18 #include <assert.h>
19 #include <ccan/time/time.h>
20 #include <ccan/read_write_all/read_write_all.h>
21 #include <ccan/failtest/failtest_proto.h>
22 #include <ccan/build_assert/build_assert.h>
23 #include <ccan/hash/hash.h>
24 #include <ccan/htable/htable_type.h>
25 #include <ccan/str/str.h>
26
27 enum failtest_result (*failtest_hook)(struct tlist_calls *);
28
29 static int tracefd = -1;
30 static int warnfd;
31
32 unsigned int failtest_timeout_ms = 20000;
33
34 const char *failpath;
35 const char *debugpath;
36
37 enum info_type {
38         WRITE,
39         RELEASE_LOCKS,
40         FAILURE,
41         SUCCESS,
42         UNEXPECTED
43 };
44
45 struct lock_info {
46         int fd;
47         /* end is inclusive: you can't have a 0-byte lock. */
48         off_t start, end;
49         int type;
50 };
51
52 /* We hash the call location together with its backtrace. */
53 static size_t hash_call(const struct failtest_call *call)
54 {
55         return hash(call->file, strlen(call->file),
56                     hash(&call->line, 1,
57                          hash(call->backtrace, call->backtrace_num,
58                               call->type)));
59 }
60
61 static bool call_eq(const struct failtest_call *call1,
62                     const struct failtest_call *call2)
63 {
64         unsigned int i;
65
66         if (strcmp(call1->file, call2->file) != 0
67             || call1->line != call2->line
68             || call1->type != call2->type
69             || call1->backtrace_num != call2->backtrace_num)
70                 return false;
71
72         for (i = 0; i < call1->backtrace_num; i++)
73                 if (call1->backtrace[i] != call2->backtrace[i])
74                         return false;
75
76         return true;
77 }
78
79 /* Defines struct failtable. */
80 HTABLE_DEFINE_TYPE(struct failtest_call, (struct failtest_call *), hash_call,
81                    call_eq, failtable);
82
83 bool (*failtest_exit_check)(struct tlist_calls *history);
84
85 /* The entire history of all calls. */
86 static struct tlist_calls history = TLIST_INIT(history);
87 /* If we're a child, the fd two write control info to the parent. */
88 static int control_fd = -1;
89 /* If we're a child, this is the first call we did ourselves. */
90 static struct failtest_call *our_history_start = NULL;
91 /* For printing runtime with --tracepath. */
92 static struct timeval start;
93 /* Set when failtest_hook returns FAIL_PROBE */
94 static bool probing = false;
95 /* Table to track duplicates. */
96 static struct failtable failtable;
97
98 /* Array of writes which our child did.  We report them on failure. */
99 static struct write_call *child_writes = NULL;
100 static unsigned int child_writes_num = 0;
101
102 /* fcntl locking info. */
103 static pid_t lock_owner;
104 static struct lock_info *locks = NULL;
105 static unsigned int lock_num = 0;
106
107 /* Our original pid, which we return to anyone who asks. */
108 static pid_t orig_pid;
109
110 /* Mapping from failtest_type to char. */
111 static const char info_to_arg[] = "mceoxprwfal";
112
113 /* Dummy call used for failtest_undo wrappers. */
114 static struct failtest_call unrecorded_call;
115
116 struct contents_saved {
117         size_t count;
118         off_t off;
119         off_t old_len;
120         char contents[1];
121 };
122
123 /* File contents, saved in this child only. */
124 struct saved_mmapped_file {
125         struct saved_mmapped_file *next;
126         struct failtest_call *opener;
127         struct contents_saved *s;
128 };
129
130 static struct saved_mmapped_file *saved_mmapped_files;
131
132 #if HAVE_BACKTRACE
133 #include <execinfo.h>
134
135 static void **get_backtrace(unsigned int *num)
136 {
137         static unsigned int max_back = 100;
138         void **ret;
139
140 again:
141         ret = malloc(max_back * sizeof(void *));
142         *num = backtrace(ret, max_back);
143         if (*num == max_back) {
144                 free(ret);
145                 max_back *= 2;
146                 goto again;
147         }
148         return ret;
149 }
150 #else
151 /* This will test slightly less, since will consider all of the same
152  * calls as identical.  But, it's slightly faster! */
153 static void **get_backtrace(unsigned int *num)
154 {
155         *num = 0;
156         return NULL;
157 }
158 #endif /* HAVE_BACKTRACE */
159
160 static struct failtest_call *add_history_(enum failtest_call_type type,
161                                           bool can_leak,
162                                           const char *file,
163                                           unsigned int line,
164                                           const void *elem,
165                                           size_t elem_size)
166 {
167         struct failtest_call *call;
168
169         /* NULL file is how we suppress failure. */
170         if (!file)
171                 return &unrecorded_call;
172
173         call = malloc(sizeof *call);
174         call->type = type;
175         call->can_leak = can_leak;
176         call->file = file;
177         call->line = line;
178         call->cleanup = NULL;
179         call->backtrace = get_backtrace(&call->backtrace_num);
180         memcpy(&call->u, elem, elem_size);
181         tlist_add_tail(&history, call, list);
182         return call;
183 }
184
185 #define add_history(type, can_leak, file, line, elem)           \
186         add_history_((type), (can_leak), (file), (line), (elem), sizeof(*(elem)))
187
188 /* We do a fake call inside a sizeof(), to check types. */
189 #define set_cleanup(call, clean, type)                  \
190         (call)->cleanup = (void *)((void)sizeof(clean((type *)NULL, false),1), (clean))
191
192 /* Dup the fd to a high value (out of the way I hope!), and close the old fd. */
193 static int move_fd_to_high(int fd)
194 {
195         int i;
196
197         for (i = FD_SETSIZE - 1; i >= 0; i--) {
198                 if (fcntl(i, F_GETFL) == -1 && errno == EBADF) {
199                         if (dup2(fd, i) == -1)
200                                 err(1, "Failed to dup fd %i to %i", fd, i);
201                         close(fd);
202                         return i;
203                 }
204         }
205         /* Nothing?  Really?  Er... ok? */
206         return fd;
207 }
208
209 static bool read_write_info(int fd)
210 {
211         struct write_call *w;
212         char *buf;
213
214         /* We don't need all of this, but it's simple. */
215         child_writes = realloc(child_writes,
216                                (child_writes_num+1) * sizeof(child_writes[0]));
217         w = &child_writes[child_writes_num];
218         if (!read_all(fd, w, sizeof(*w)))
219                 return false;
220
221         w->buf = buf = malloc(w->count);
222         if (!read_all(fd, buf, w->count))
223                 return false;
224
225         child_writes_num++;
226         return true;
227 }
228
229 static char *failpath_string(void)
230 {
231         struct failtest_call *i;
232         char *ret = strdup("");
233         unsigned len = 0;
234
235         /* Inefficient, but who cares? */
236         tlist_for_each(&history, i, list) {
237                 ret = realloc(ret, len + 2);
238                 ret[len] = info_to_arg[i->type];
239                 if (i->fail)
240                         ret[len] = toupper(ret[len]);
241                 ret[++len] = '\0';
242         }
243         return ret;
244 }
245
246 static void warn_via_fd(int e, const char *fmt, va_list ap)
247 {
248         char *p = failpath_string();
249
250         vdprintf(warnfd, fmt, ap);
251         if (e != -1)
252                 dprintf(warnfd, ": %s", strerror(e));
253         dprintf(warnfd, " [%s]\n", p);
254         free(p);
255 }
256
257 static void fwarn(const char *fmt, ...)
258 {
259         va_list ap;
260         int e = errno;
261
262         va_start(ap, fmt);
263         warn_via_fd(e, fmt, ap);
264         va_end(ap);
265 }
266
267
268 static void fwarnx(const char *fmt, ...)
269 {
270         va_list ap;
271
272         va_start(ap, fmt);
273         warn_via_fd(-1, fmt, ap);
274         va_end(ap);
275 }
276
277 static void tell_parent(enum info_type type)
278 {
279         if (control_fd != -1)
280                 write_all(control_fd, &type, sizeof(type));
281 }
282
283 static void child_fail(const char *out, size_t outlen, const char *fmt, ...)
284 {
285         va_list ap;
286         char *path = failpath_string();
287
288         va_start(ap, fmt);
289         vfprintf(stderr, fmt, ap);
290         va_end(ap);
291
292         fprintf(stderr, "%.*s", (int)outlen, out);
293         printf("To reproduce: --failpath=%s\n", path);
294         free(path);
295         tell_parent(FAILURE);
296         exit(1);
297 }
298
299 static void trace(const char *fmt, ...)
300 {
301         va_list ap;
302
303         if (tracefd == -1)
304                 return;
305
306         va_start(ap, fmt);
307         vdprintf(tracefd, fmt, ap);
308         va_end(ap);
309 }
310
311 static pid_t child;
312
313 static void hand_down(int signum)
314 {
315         kill(child, signum);
316 }
317
318 static void release_locks(void)
319 {
320         /* Locks were never acquired/reacquired? */
321         if (lock_owner == 0)
322                 return;
323
324         /* We own them?  Release them all. */
325         if (lock_owner == getpid()) {
326                 unsigned int i;
327                 struct flock fl;
328                 fl.l_type = F_UNLCK;
329                 fl.l_whence = SEEK_SET;
330                 fl.l_start = 0;
331                 fl.l_len = 0;
332
333                 for (i = 0; i < lock_num; i++)
334                         fcntl(locks[i].fd, F_SETLK, &fl);
335         } else {
336                 /* Our parent must have them; pass request up. */
337                 enum info_type type = RELEASE_LOCKS;
338                 assert(control_fd != -1);
339                 write_all(control_fd, &type, sizeof(type));
340         }
341         lock_owner = 0;
342 }
343
344 /* off_t is a signed type.  Getting its max is non-trivial. */
345 static off_t off_max(void)
346 {
347         BUILD_ASSERT(sizeof(off_t) == 4 || sizeof(off_t) == 8);
348         if (sizeof(off_t) == 4)
349                 return (off_t)0x7FFFFFF;
350         else
351                 return (off_t)0x7FFFFFFFFFFFFFFULL;
352 }
353
354 static void get_locks(void)
355 {
356         unsigned int i;
357         struct flock fl;
358
359         if (lock_owner == getpid())
360                 return;
361
362         if (lock_owner != 0) {
363                 enum info_type type = RELEASE_LOCKS;
364                 assert(control_fd != -1);
365                 write_all(control_fd, &type, sizeof(type));
366         }
367
368         fl.l_whence = SEEK_SET;
369
370         for (i = 0; i < lock_num; i++) {
371                 fl.l_type = locks[i].type;
372                 fl.l_start = locks[i].start;
373                 if (locks[i].end == off_max())
374                         fl.l_len = 0;
375                 else
376                         fl.l_len = locks[i].end - locks[i].start + 1;
377
378                 if (fcntl(locks[i].fd, F_SETLKW, &fl) != 0)
379                         abort();
380         }
381         lock_owner = getpid();
382 }
383
384
385 static struct contents_saved *save_contents(int fd, size_t count, off_t off)
386 {
387         struct contents_saved *s = malloc(sizeof(*s) + count);
388         ssize_t ret;
389
390         s->off = off;
391
392         ret = pread(fd, s->contents, count, off);
393         if (ret < 0) {
394                 fwarn("failtest_write: failed to save old contents!");
395                 s->count = 0;
396         } else
397                 s->count = ret;
398
399         /* Use lseek to get the size of file, but we have to restore
400          * file offset */
401         off = lseek(fd, 0, SEEK_CUR);
402         s->old_len = lseek(fd, 0, SEEK_END);
403         lseek(fd, off, SEEK_SET);
404         return s;
405 }
406
407 static void restore_contents(struct failtest_call *opener,
408                              struct contents_saved *s,
409                              bool restore_offset,
410                              const char *caller)
411 {
412         int fd;
413
414         /* The top parent doesn't need to restore. */
415         if (control_fd == -1)
416                 return;
417
418         /* Has the fd been closed? */
419         if (opener->u.open.closed) {
420                 /* Reopen, replace fd, close silently as we clean up. */
421                 fd = open(opener->u.open.pathname, O_RDWR);
422                 if (fd < 0) {
423                         fwarn("failtest: could not reopen %s to clean up %s!",
424                               opener->u.open.pathname, caller);
425                         return;
426                 }
427                 /* Make it clearly distinguisable from a "normal" fd. */
428                 opener->u.open.ret = move_fd_to_high(fd);
429                 opener->u.open.closed = false;
430         }
431         fd = opener->u.open.ret;
432
433         if (pwrite(fd, s->contents, s->count, s->off) != s->count) {
434                 fwarn("failtest: write failed cleaning up %s for %s!",
435                       opener->u.open.pathname, caller);
436         }
437
438         if (ftruncate(fd, s->old_len) != 0) {
439                 fwarn("failtest_write: truncate failed cleaning up %s for %s!",
440                       opener->u.open.pathname, caller);
441         }
442
443         if (restore_offset)
444                 lseek(fd, s->off, SEEK_SET);
445 }
446
447 /* We save/restore most things on demand, but always do mmaped files. */
448 static void save_mmapped_files(void)
449 {
450         struct failtest_call *i;
451
452         tlist_for_each_rev(&history, i, list) {
453                 struct mmap_call *m = &i->u.mmap;
454                 struct saved_mmapped_file *s;
455
456                 if (i->type != FAILTEST_MMAP)
457                         continue;
458
459                 /* FIXME: We only handle mmapped files where fd is still open. */
460                 if (m->opener->u.open.closed)
461                         continue;
462
463                 s = malloc(sizeof *s);
464                 s->s = save_contents(m->fd, m->length, m->offset);
465                 s->opener = m->opener;
466                 s->next = saved_mmapped_files;
467                 saved_mmapped_files = s;
468         }
469 }
470
471 static void free_mmapped_files(bool restore)
472 {
473         while (saved_mmapped_files) {
474                 struct saved_mmapped_file *next = saved_mmapped_files->next;
475                 if (restore)
476                         restore_contents(saved_mmapped_files->opener,
477                                          saved_mmapped_files->s, false,
478                                          "saved mmap");
479                 free(saved_mmapped_files->s);
480                 free(saved_mmapped_files);
481                 saved_mmapped_files = next;
482         }
483 }
484
485 /* Returns a FAILTEST_OPEN, FAILTEST_PIPE or NULL. */
486 static struct failtest_call *opener_of(int fd)
487 {
488         struct failtest_call *i;
489
490         /* Don't get confused and match genuinely failed opens. */
491         if (fd < 0)
492                 return NULL;
493
494         /* Figure out the set of live fds. */
495         tlist_for_each_rev(&history, i, list) {
496                 if (i->fail)
497                         continue;
498                 switch (i->type) {
499                 case FAILTEST_CLOSE:
500                         if (i->u.close.fd == fd) {
501                                 return NULL;
502                         }
503                         break;
504                 case FAILTEST_OPEN:
505                         if (i->u.open.ret == fd) {
506                                 if (i->u.open.closed)
507                                         return NULL;
508                                 return i;
509                         }
510                         break;
511                 case FAILTEST_PIPE:
512                         if (i->u.pipe.fds[0] == fd || i->u.pipe.fds[1] == fd) {
513                                 return i;
514                         }
515                         break;
516                 default:
517                         break;
518                 }
519         }
520
521         /* FIXME: socket, dup, etc are untracked! */
522         return NULL;
523 }
524
525 static void free_call(struct failtest_call *call)
526 {
527         /* We don't do this in cleanup: needed even for failed opens. */
528         if (call->type == FAILTEST_OPEN)
529                 free((char *)call->u.open.pathname);
530         free(call->backtrace);
531         tlist_del_from(&history, call, list);
532         free(call);
533 }
534
535 /* Free up memory, so valgrind doesn't report leaks. */
536 static void free_everything(void)
537 {
538         struct failtest_call *i;
539
540         while ((i = tlist_top(&history, struct failtest_call, list)) != NULL)
541                 free_call(i);
542
543         failtable_clear(&failtable);
544 }
545
546 static NORETURN void failtest_cleanup(bool forced_cleanup, int status)
547 {
548         struct failtest_call *i;
549         bool restore = true;
550
551         /* For children, we don't care if they "failed" the testing. */
552         if (control_fd != -1)
553                 status = 0;
554         else
555                 /* We don't restore contents for original parent. */
556                 restore = false;
557
558         /* Cleanup everything, in reverse order. */
559         tlist_for_each_rev(&history, i, list) {
560                 /* Don't restore things our parent did. */
561                 if (i == our_history_start)
562                         restore = false;
563
564                 if (i->fail)
565                         continue;
566
567                 if (i->cleanup)
568                         i->cleanup(&i->u, restore);
569
570                 /* But their program shouldn't leak, even on failure. */
571                 if (!forced_cleanup && i->can_leak) {
572                         printf("Leak at %s:%u: --failpath=%s\n",
573                                i->file, i->line, failpath_string());
574                         status = 1;
575                 }
576         }
577
578         /* Put back mmaped files the way our parent (if any) expects. */
579         free_mmapped_files(true);
580
581         free_everything();
582         if (status == 0)
583                 tell_parent(SUCCESS);
584         else
585                 tell_parent(FAILURE);
586         exit(status);
587 }
588
589 static bool following_path(void)
590 {
591         if (!failpath)
592                 return false;
593         /* + means continue after end, like normal. */
594         if (*failpath == '+') {
595                 failpath = NULL;
596                 return false;
597         }
598         return true;
599 }
600
601 static bool follow_path(struct failtest_call *call)
602 {
603         if (*failpath == '\0') {
604                 /* Continue, but don't inject errors. */
605                 return call->fail = false;
606         }
607
608         if (tolower((unsigned char)*failpath) != info_to_arg[call->type])
609                 errx(1, "Failpath expected '%s' got '%c'\n",
610                      failpath, info_to_arg[call->type]);
611         call->fail = cisupper(*(failpath++));
612                         if (call->fail)
613                                 call->can_leak = false;
614         return call->fail;
615 }
616
617 static bool should_fail(struct failtest_call *call)
618 {
619         int status;
620         int control[2], output[2];
621         enum info_type type = UNEXPECTED;
622         char *out = NULL;
623         size_t outlen = 0;
624         struct failtest_call *dup;
625
626         if (call == &unrecorded_call)
627                 return false;
628
629         if (following_path())
630                 return follow_path(call);
631
632         /* Attach debugger if they asked for it. */
633         if (debugpath) {
634                 char *path;
635
636                 /* Pretend this last call matches whatever path wanted:
637                  * keeps valgrind happy. */
638                 call->fail = cisupper(debugpath[strlen(debugpath)-1]);
639                 path = failpath_string();
640
641                 if (streq(path, debugpath)) {
642                         char str[80];
643
644                         /* Don't timeout. */
645                         signal(SIGUSR1, SIG_IGN);
646                         sprintf(str, "xterm -e gdb /proc/%d/exe %d &",
647                                 getpid(), getpid());
648                         if (system(str) == 0)
649                                 sleep(5);
650                 } else {
651                         /* Ignore last character: could be upper or lower. */
652                         path[strlen(path)-1] = '\0';
653                         if (!strstarts(debugpath, path)) {
654                                 fprintf(stderr,
655                                         "--debugpath not followed: %s\n", path);
656                                 debugpath = NULL;
657                         }
658                 }
659                 free(path);
660         }
661
662         /* Are we probing?  If so, we never fail twice. */
663         if (probing)
664                 return call->fail = false;
665
666         /* Don't more than once in the same place. */
667         dup = failtable_get(&failtable, call);
668         if (dup)
669                 return call->fail = false;
670
671         if (failtest_hook) {
672                 switch (failtest_hook(&history)) {
673                 case FAIL_OK:
674                         break;
675                 case FAIL_PROBE:
676                         probing = true;
677                         break;
678                 case FAIL_DONT_FAIL:
679                         call->fail = false;
680                         return false;
681                 default:
682                         abort();
683                 }
684         }
685
686         /* Add it to our table of calls. */
687         failtable_add(&failtable, call);
688
689         /* We're going to fail in the child. */
690         call->fail = true;
691         if (pipe(control) != 0 || pipe(output) != 0)
692                 err(1, "opening pipe");
693
694         /* Move out the way, to high fds. */
695         control[0] = move_fd_to_high(control[0]);
696         control[1] = move_fd_to_high(control[1]);
697         output[0] = move_fd_to_high(output[0]);
698         output[1] = move_fd_to_high(output[1]);
699
700         /* Prevent double-printing (in child and parent) */
701         fflush(stdout);
702         child = fork();
703         if (child == -1)
704                 err(1, "forking failed");
705
706         if (child == 0) {
707                 if (tracefd != -1) {
708                         struct timeval diff;
709                         const char *p;
710                         char *failpath;
711                         struct failtest_call *c;
712
713                         c = tlist_tail(&history, struct failtest_call, list);
714                         diff = time_sub(time_now(), start);
715                         failpath = failpath_string();
716                         trace("%u->%u (%u.%02u): %s (", getppid(), getpid(),
717                               (int)diff.tv_sec, (int)diff.tv_usec / 10000,
718                               failpath);
719                         free(failpath);
720                         p = strrchr(c->file, '/');
721                         if (p)
722                                 trace("%s", p+1);
723                         else
724                                 trace("%s", c->file);
725                         trace(":%u)\n", c->line);
726                 }
727                 /* From here on, we have to clean up! */
728                 our_history_start = tlist_tail(&history, struct failtest_call,
729                                                list);
730                 close(control[0]);
731                 close(output[0]);
732                 dup2(output[1], STDOUT_FILENO);
733                 dup2(output[1], STDERR_FILENO);
734                 if (output[1] != STDOUT_FILENO && output[1] != STDERR_FILENO)
735                         close(output[1]);
736                 control_fd = move_fd_to_high(control[1]);
737
738                 /* Forget any of our parent's saved files. */
739                 free_mmapped_files(false);
740
741                 /* Now, save any files we need to. */
742                 save_mmapped_files();
743
744                 /* Failed calls can't leak. */
745                 call->can_leak = false;
746
747                 return true;
748         }
749
750         signal(SIGUSR1, hand_down);
751
752         close(control[1]);
753         close(output[1]);
754
755         /* We grab output so we can display it; we grab writes so we
756          * can compare. */
757         do {
758                 struct pollfd pfd[2];
759                 int ret;
760
761                 pfd[0].fd = output[0];
762                 pfd[0].events = POLLIN|POLLHUP;
763                 pfd[1].fd = control[0];
764                 pfd[1].events = POLLIN|POLLHUP;
765
766                 if (type == SUCCESS)
767                         ret = poll(pfd, 1, failtest_timeout_ms);
768                 else
769                         ret = poll(pfd, 2, failtest_timeout_ms);
770
771                 if (ret == 0)
772                         hand_down(SIGUSR1);
773                 if (ret < 0) {
774                         if (errno == EINTR)
775                                 continue;
776                         err(1, "Poll returned %i", ret);
777                 }
778
779                 if (pfd[0].revents & POLLIN) {
780                         ssize_t len;
781
782                         out = realloc(out, outlen + 8192);
783                         len = read(output[0], out + outlen, 8192);
784                         outlen += len;
785                 } else if (type != SUCCESS && (pfd[1].revents & POLLIN)) {
786                         if (read_all(control[0], &type, sizeof(type))) {
787                                 if (type == WRITE) {
788                                         if (!read_write_info(control[0]))
789                                                 break;
790                                 } else if (type == RELEASE_LOCKS) {
791                                         release_locks();
792                                         /* FIXME: Tell them we're done... */
793                                 }
794                         }
795                 } else if (pfd[0].revents & POLLHUP) {
796                         break;
797                 }
798         } while (type != FAILURE);
799
800         close(output[0]);
801         close(control[0]);
802         waitpid(child, &status, 0);
803         if (!WIFEXITED(status)) {
804                 if (WTERMSIG(status) == SIGUSR1)
805                         child_fail(out, outlen, "Timed out");
806                 else
807                         child_fail(out, outlen, "Killed by signal %u: ",
808                                    WTERMSIG(status));
809         }
810         /* Child printed failure already, just pass up exit code. */
811         if (type == FAILURE) {
812                 fprintf(stderr, "%.*s", (int)outlen, out);
813                 tell_parent(type);
814                 exit(WEXITSTATUS(status) ? WEXITSTATUS(status) : 1);
815         }
816         if (WEXITSTATUS(status) != 0)
817                 child_fail(out, outlen, "Exited with status %i: ",
818                            WEXITSTATUS(status));
819
820         free(out);
821         signal(SIGUSR1, SIG_DFL);
822
823         /* Only child does probe. */
824         probing = false;
825
826         /* We continue onwards without failing. */
827         call->fail = false;
828         return false;
829 }
830
831 static void cleanup_calloc(struct calloc_call *call, bool restore)
832 {
833         free(call->ret);
834 }
835
836 void *failtest_calloc(size_t nmemb, size_t size,
837                       const char *file, unsigned line)
838 {
839         struct failtest_call *p;
840         struct calloc_call call;
841         call.nmemb = nmemb;
842         call.size = size;
843         p = add_history(FAILTEST_CALLOC, true, file, line, &call);
844
845         if (should_fail(p)) {
846                 p->u.calloc.ret = NULL;
847                 p->error = ENOMEM;
848         } else {
849                 p->u.calloc.ret = calloc(nmemb, size);
850                 set_cleanup(p, cleanup_calloc, struct calloc_call);
851         }
852         errno = p->error;
853         return p->u.calloc.ret;
854 }
855
856 static void cleanup_malloc(struct malloc_call *call, bool restore)
857 {
858         free(call->ret);
859 }
860
861 void *failtest_malloc(size_t size, const char *file, unsigned line)
862 {
863         struct failtest_call *p;
864         struct malloc_call call;
865         call.size = size;
866
867         p = add_history(FAILTEST_MALLOC, true, file, line, &call);
868         if (should_fail(p)) {
869                 p->u.malloc.ret = NULL;
870                 p->error = ENOMEM;
871         } else {
872                 p->u.malloc.ret = malloc(size);
873                 set_cleanup(p, cleanup_malloc, struct malloc_call);
874         }
875         errno = p->error;
876         return p->u.malloc.ret;
877 }
878
879 static void cleanup_realloc(struct realloc_call *call, bool restore)
880 {
881         free(call->ret);
882 }
883
884 /* Walk back and find out if we got this ptr from a previous routine. */
885 static void fixup_ptr_history(void *ptr)
886 {
887         struct failtest_call *i;
888
889         /* Start at end of history, work back. */
890         tlist_for_each_rev(&history, i, list) {
891                 switch (i->type) {
892                 case FAILTEST_REALLOC:
893                         if (i->u.realloc.ret == ptr) {
894                                 i->cleanup = NULL;
895                                 i->can_leak = false;
896                                 return;
897                         }
898                         break;
899                 case FAILTEST_MALLOC:
900                         if (i->u.malloc.ret == ptr) {
901                                 i->cleanup = NULL;
902                                 i->can_leak = false;
903                                 return;
904                         }
905                         break;
906                 case FAILTEST_CALLOC:
907                         if (i->u.calloc.ret == ptr) {
908                                 i->cleanup = NULL;
909                                 i->can_leak = false;
910                                 return;
911                         }
912                         break;
913                 default:
914                         break;
915                 }
916         }
917 }
918
919 void *failtest_realloc(void *ptr, size_t size, const char *file, unsigned line)
920 {
921         struct failtest_call *p;
922         struct realloc_call call;
923         call.size = size;
924         p = add_history(FAILTEST_REALLOC, true, file, line, &call);
925
926         /* FIXME: Try one child moving allocation, one not. */
927         if (should_fail(p)) {
928                 p->u.realloc.ret = NULL;
929                 p->error = ENOMEM;
930         } else {
931                 /* Don't catch this one in the history fixup... */
932                 p->u.realloc.ret = NULL;
933                 fixup_ptr_history(ptr);
934                 p->u.realloc.ret = realloc(ptr, size);
935                 set_cleanup(p, cleanup_realloc, struct realloc_call);
936         }
937         errno = p->error;
938         return p->u.realloc.ret;
939 }
940
941 /* FIXME: Record free, so we can terminate fixup_ptr_history correctly.
942  * If there's an alloc we don't see, it could get confusing if it matches
943  * a previous allocation we did see. */
944 void failtest_free(void *ptr)
945 {
946         fixup_ptr_history(ptr);
947         free(ptr);
948 }
949
950
951 static struct contents_saved *save_file(const char *pathname)
952 {
953         int fd;
954         struct contents_saved *s;
955
956         fd = open(pathname, O_RDONLY);
957         if (fd < 0)
958                 return NULL;
959
960         s = save_contents(fd, lseek(fd, 0, SEEK_END), 0);
961         close(fd);
962         return s;
963 }
964
965 /* Optimization: don't create a child for an open which *we know*
966  * would fail anyway. */
967 static bool open_would_fail(const char *pathname, int flags)
968 {
969         if ((flags & O_ACCMODE) == O_RDONLY)
970                 return access(pathname, R_OK) != 0;
971         if (!(flags & O_CREAT)) {
972                 if ((flags & O_ACCMODE) == O_WRONLY)
973                         return access(pathname, W_OK) != 0;
974                 if ((flags & O_ACCMODE) == O_RDWR)
975                         return access(pathname, W_OK) != 0
976                                 || access(pathname, R_OK) != 0;
977         }
978         /* FIXME: We could check if it exists, for O_CREAT|O_EXCL */
979         return false;
980 }
981
982 static void cleanup_open(struct open_call *call, bool restore)
983 {
984         if (restore && call->saved)
985                 restore_contents(container_of(call, struct failtest_call,
986                                               u.open),
987                                  call->saved, false, "open with O_TRUNC");
988         if (!call->closed) {
989                 trace("Cleaning up open %s by closing fd %i\n",
990                       call->pathname, call->ret);
991                 close(call->ret);
992                 call->closed = true;
993         }
994         free(call->saved);
995 }
996
997 int failtest_open(const char *pathname,
998                   const char *file, unsigned line, ...)
999 {
1000         struct failtest_call *p;
1001         struct open_call call;
1002         va_list ap;
1003
1004         call.pathname = strdup(pathname);
1005         va_start(ap, line);
1006         call.flags = va_arg(ap, int);
1007         call.always_save = false;
1008         call.closed = false;
1009         if (call.flags & O_CREAT) {
1010                 call.mode = va_arg(ap, int);
1011                 va_end(ap);
1012         }
1013         p = add_history(FAILTEST_OPEN, true, file, line, &call);
1014         /* Avoid memory leak! */
1015         if (p == &unrecorded_call)
1016                 free((char *)call.pathname);
1017
1018         if (should_fail(p)) {
1019                 /* Don't bother inserting failures that would happen anyway. */
1020                 if (open_would_fail(pathname, call.flags))
1021                         failtest_cleanup(true, 0);
1022                 p->u.open.ret = -1;
1023                 /* FIXME: Play with error codes? */
1024                 p->error = EACCES;
1025         } else {
1026                 /* Save the old version if they're truncating it. */
1027                 if (call.flags & O_TRUNC)
1028                         p->u.open.saved = save_file(pathname);
1029                 else
1030                         p->u.open.saved = NULL;
1031                 p->u.open.ret = open(pathname, call.flags, call.mode);
1032                 if (p->u.open.ret == -1) {
1033                         p->u.open.closed = true;
1034                         p->can_leak = false;
1035                 } else {
1036                         set_cleanup(p, cleanup_open, struct open_call);
1037                 }
1038         }
1039         errno = p->error;
1040         return p->u.open.ret;
1041 }
1042
1043 static void cleanup_mmap(struct mmap_call *mmap, bool restore)
1044 {
1045         if (restore)
1046                 restore_contents(mmap->opener, mmap->saved, false, "mmap");
1047         free(mmap->saved);
1048 }
1049
1050 void *failtest_mmap(void *addr, size_t length, int prot, int flags,
1051                     int fd, off_t offset, const char *file, unsigned line)
1052 {
1053         struct failtest_call *p;
1054         struct mmap_call call;
1055
1056         call.addr = addr;
1057         call.length = length;
1058         call.prot = prot;
1059         call.flags = flags;
1060         call.offset = offset;
1061         call.fd = fd;
1062         call.opener = opener_of(fd);
1063
1064         /* If we don't know what file it was, don't fail. */
1065         if (!call.opener) {
1066                 if (fd != -1) {
1067                         fwarnx("failtest_mmap: couldn't figure out source for"
1068                                " fd %i at %s:%u", fd, file, line);
1069                 }
1070                 return mmap(addr, length, prot, flags, fd, offset);
1071         }
1072
1073         p = add_history(FAILTEST_MMAP, false, file, line, &call);
1074         if (should_fail(p)) {
1075                 p->u.mmap.ret = MAP_FAILED;
1076                 p->error = ENOMEM;
1077         } else {
1078                 p->u.mmap.ret = mmap(addr, length, prot, flags, fd, offset);
1079                 /* Save contents if we're writing to a normal file */
1080                 if (p->u.mmap.ret != MAP_FAILED
1081                     && (prot & PROT_WRITE)
1082                     && call.opener->type == FAILTEST_OPEN) {
1083                         p->u.mmap.saved = save_contents(fd, length, offset);
1084                         set_cleanup(p, cleanup_mmap, struct mmap_call);
1085                 }
1086         }
1087         errno = p->error;
1088         return p->u.mmap.ret;
1089 }
1090
1091 static void cleanup_pipe(struct pipe_call *call, bool restore)
1092 {
1093         if (!call->closed[0])
1094                 close(call->fds[0]);
1095         if (!call->closed[1])
1096                 close(call->fds[1]);
1097 }
1098
1099 int failtest_pipe(int pipefd[2], const char *file, unsigned line)
1100 {
1101         struct failtest_call *p;
1102         struct pipe_call call;
1103
1104         p = add_history(FAILTEST_PIPE, true, file, line, &call);
1105         if (should_fail(p)) {
1106                 p->u.open.ret = -1;
1107                 /* FIXME: Play with error codes? */
1108                 p->error = EMFILE;
1109         } else {
1110                 p->u.pipe.ret = pipe(p->u.pipe.fds);
1111                 p->u.pipe.closed[0] = p->u.pipe.closed[1] = false;
1112                 set_cleanup(p, cleanup_pipe, struct pipe_call);
1113         }
1114         /* This causes valgrind to notice if they use pipefd[] after failure */
1115         memcpy(pipefd, p->u.pipe.fds, sizeof(p->u.pipe.fds));
1116         errno = p->error;
1117         return p->u.pipe.ret;
1118 }
1119
1120 static void cleanup_read(struct read_call *call, bool restore)
1121 {
1122         if (restore) {
1123                 /* Read (not readv!) moves file offset! */
1124                 if (lseek(call->fd, call->off, SEEK_SET) != call->off) {
1125                         fwarn("Restoring lseek pointer failed (read)");
1126                 }
1127         }
1128 }
1129
1130 static ssize_t failtest_add_read(int fd, void *buf, size_t count, off_t off,
1131                                  bool is_pread, const char *file, unsigned line)
1132 {
1133         struct failtest_call *p;
1134         struct read_call call;
1135         call.fd = fd;
1136         call.buf = buf;
1137         call.count = count;
1138         call.off = off;
1139         p = add_history(FAILTEST_READ, false, file, line, &call);
1140
1141         /* FIXME: Try partial read returns. */
1142         if (should_fail(p)) {
1143                 p->u.read.ret = -1;
1144                 p->error = EIO;
1145         } else {
1146                 if (is_pread)
1147                         p->u.read.ret = pread(fd, buf, count, off);
1148                 else {
1149                         p->u.read.ret = read(fd, buf, count);
1150                         if (p->u.read.ret != -1)
1151                                 set_cleanup(p, cleanup_read, struct read_call);
1152                 }
1153         }
1154         errno = p->error;
1155         return p->u.read.ret;
1156 }
1157
1158 static void cleanup_write(struct write_call *write, bool restore)
1159 {
1160         if (restore)
1161                 restore_contents(write->opener, write->saved, !write->is_pwrite,
1162                                  "write");
1163         free(write->saved);
1164 }
1165
1166 static ssize_t failtest_add_write(int fd, const void *buf,
1167                                   size_t count, off_t off,
1168                                   bool is_pwrite,
1169                                   const char *file, unsigned line)
1170 {
1171         struct failtest_call *p;
1172         struct write_call call;
1173
1174         call.fd = fd;
1175         call.buf = buf;
1176         call.count = count;
1177         call.off = off;
1178         call.is_pwrite = is_pwrite;
1179         call.opener = opener_of(fd);
1180         p = add_history(FAILTEST_WRITE, false, file, line, &call);
1181
1182         /* If we're a child, we need to make sure we write the same thing
1183          * to non-files as the parent does, so tell it. */
1184         if (control_fd != -1 && off == (off_t)-1) {
1185                 enum info_type type = WRITE;
1186
1187                 write_all(control_fd, &type, sizeof(type));
1188                 write_all(control_fd, &p->u.write, sizeof(p->u.write));
1189                 write_all(control_fd, buf, count);
1190         }
1191
1192         /* FIXME: Try partial write returns. */
1193         if (should_fail(p)) {
1194                 p->u.write.ret = -1;
1195                 p->error = EIO;
1196         } else {
1197                 bool is_file;
1198                 assert(call.opener == p->u.write.opener);
1199
1200                 if (p->u.write.opener) {
1201                         is_file = (p->u.write.opener->type == FAILTEST_OPEN);
1202                 } else {
1203                         /* We can't unwind it, so at least check same
1204                          * in parent and child. */
1205                         is_file = false;
1206                 }
1207
1208                 /* FIXME: We assume same write order in parent and child */
1209                 if (!is_file && child_writes_num != 0) {
1210                         if (child_writes[0].fd != fd)
1211                                 errx(1, "Child wrote to fd %u, not %u?",
1212                                      child_writes[0].fd, fd);
1213                         if (child_writes[0].off != p->u.write.off)
1214                                 errx(1, "Child wrote to offset %zu, not %zu?",
1215                                      (size_t)child_writes[0].off,
1216                                      (size_t)p->u.write.off);
1217                         if (child_writes[0].count != count)
1218                                 errx(1, "Child wrote length %zu, not %zu?",
1219                                      child_writes[0].count, count);
1220                         if (memcmp(child_writes[0].buf, buf, count)) {
1221                                 child_fail(NULL, 0,
1222                                            "Child wrote differently to"
1223                                            " fd %u than we did!\n", fd);
1224                         }
1225                         free((char *)child_writes[0].buf);
1226                         child_writes_num--;
1227                         memmove(&child_writes[0], &child_writes[1],
1228                                 sizeof(child_writes[0]) * child_writes_num);
1229
1230                         /* Child wrote it already. */
1231                         p->u.write.ret = count;
1232                         errno = p->error;
1233                         return p->u.write.ret;
1234                 }
1235
1236                 if (is_file) {
1237                         p->u.write.saved = save_contents(fd, count, off);
1238                         set_cleanup(p, cleanup_write, struct write_call);
1239                 }
1240
1241                 /* Though off is current seek ptr for write case, we need to
1242                  * move it.  write() does that for us. */
1243                 if (p->u.write.is_pwrite)
1244                         p->u.write.ret = pwrite(fd, buf, count, off);
1245                 else
1246                         p->u.write.ret = write(fd, buf, count);
1247         }
1248         errno = p->error;
1249         return p->u.write.ret;
1250 }
1251
1252 ssize_t failtest_pwrite(int fd, const void *buf, size_t count, off_t offset,
1253                         const char *file, unsigned line)
1254 {
1255         return failtest_add_write(fd, buf, count, offset, true, file, line);
1256 }
1257
1258 ssize_t failtest_write(int fd, const void *buf, size_t count,
1259                        const char *file, unsigned line)
1260 {
1261         return failtest_add_write(fd, buf, count, lseek(fd, 0, SEEK_CUR), false,
1262                                   file, line);
1263 }
1264
1265 ssize_t failtest_pread(int fd, void *buf, size_t count, off_t off,
1266                        const char *file, unsigned line)
1267 {
1268         return failtest_add_read(fd, buf, count, off, true, file, line);
1269 }
1270
1271 ssize_t failtest_read(int fd, void *buf, size_t count,
1272                       const char *file, unsigned line)
1273 {
1274         return failtest_add_read(fd, buf, count, lseek(fd, 0, SEEK_CUR), false,
1275                                  file, line);
1276 }
1277
1278 static struct lock_info *WARN_UNUSED_RESULT
1279 add_lock(struct lock_info *locks, int fd, off_t start, off_t end, int type)
1280 {
1281         unsigned int i;
1282         struct lock_info *l;
1283
1284         for (i = 0; i < lock_num; i++) {
1285                 l = &locks[i];
1286
1287                 if (l->fd != fd)
1288                         continue;
1289                 /* Four cases we care about:
1290                  * Start overlap:
1291                  *      l =    |      |
1292                  *      new = |   |
1293                  * Mid overlap:
1294                  *      l =    |      |
1295                  *      new =    |  |
1296                  * End overlap:
1297                  *      l =    |      |
1298                  *      new =      |    |
1299                  * Total overlap:
1300                  *      l =    |      |
1301                  *      new = |         |
1302                  */
1303                 if (start > l->start && end < l->end) {
1304                         /* Mid overlap: trim entry, add new one. */
1305                         off_t new_start, new_end;
1306                         new_start = end + 1;
1307                         new_end = l->end;
1308                         l->end = start - 1;
1309                         locks = add_lock(locks,
1310                                          fd, new_start, new_end, l->type);
1311                         l = &locks[i];
1312                 } else if (start <= l->start && end >= l->end) {
1313                         /* Total overlap: eliminate entry. */
1314                         l->end = 0;
1315                         l->start = 1;
1316                 } else if (end >= l->start && end < l->end) {
1317                         /* Start overlap: trim entry. */
1318                         l->start = end + 1;
1319                 } else if (start > l->start && start <= l->end) {
1320                         /* End overlap: trim entry. */
1321                         l->end = start-1;
1322                 }
1323                 /* Nothing left?  Remove it. */
1324                 if (l->end < l->start) {
1325                         memmove(l, l + 1, (--lock_num - i) * sizeof(l[0]));
1326                         i--;
1327                 }
1328         }
1329
1330         if (type != F_UNLCK) {
1331                 locks = realloc(locks, (lock_num + 1) * sizeof(*locks));
1332                 l = &locks[lock_num++];
1333                 l->fd = fd;
1334                 l->start = start;
1335                 l->end = end;
1336                 l->type = type;
1337         }
1338         return locks;
1339 }
1340
1341 /* We trap this so we can record it: we don't fail it. */
1342 int failtest_close(int fd, const char *file, unsigned line)
1343 {
1344         struct close_call call;
1345         struct failtest_call *p, *opener;
1346
1347         /* Do this before we add ourselves to history! */
1348         opener = opener_of(fd);
1349
1350         call.fd = fd;
1351         p = add_history(FAILTEST_CLOSE, false, file, line, &call);
1352         p->fail = false;
1353
1354         /* Consume close from failpath (shouldn't tell us to fail). */
1355         if (following_path()) {
1356                 if (follow_path(p))
1357                         abort();
1358         }
1359
1360         if (fd < 0)
1361                 return close(fd);
1362
1363         /* Mark opener as not leaking, remove its cleanup function. */
1364         if (opener) {
1365                 if (opener->type == FAILTEST_PIPE) {
1366                         /* From a pipe? */
1367                         if (opener->u.pipe.fds[0] == fd) {
1368                                 assert(!opener->u.pipe.closed[0]);
1369                                 opener->u.pipe.closed[0] = true;
1370                         } else if (opener->u.pipe.fds[1] == fd) {
1371                                 assert(!opener->u.pipe.closed[1]);
1372                                 opener->u.pipe.closed[1] = true;
1373                         } else
1374                                 abort();
1375                         opener->can_leak = (!opener->u.pipe.closed[0]
1376                                             || !opener->u.pipe.closed[1]);
1377                 } else if (opener->type == FAILTEST_OPEN) {
1378                         opener->u.open.closed = true;
1379                         opener->can_leak = false;
1380                 } else
1381                         abort();
1382         }
1383
1384         /* Restore offset now, in case parent shared (can't do after close!). */
1385         if (control_fd != -1) {
1386                 struct failtest_call *i;
1387
1388                 tlist_for_each_rev(&history, i, list) {
1389                         if (i == our_history_start)
1390                                 break;
1391                         if (i == opener)
1392                                 break;
1393                         if (i->type == FAILTEST_LSEEK && i->u.lseek.fd == fd) {
1394                                 /* This seeks back. */
1395                                 i->cleanup(&i->u, true);
1396                                 i->cleanup = NULL;
1397                         } else if (i->type == FAILTEST_WRITE
1398                                    && i->u.write.fd == fd
1399                                    && !i->u.write.is_pwrite) {
1400                                 /* Write (not pwrite!) moves file offset! */
1401                                 if (lseek(fd, i->u.write.off, SEEK_SET)
1402                                     != i->u.write.off) {
1403                                         fwarn("Restoring lseek pointer failed (write)");
1404                                 }
1405                         } else if (i->type == FAILTEST_READ
1406                                    && i->u.read.fd == fd) {
1407                                 /* preads don't *have* cleanups */
1408                                 if (i->cleanup) {
1409                                         /* This seeks back. */
1410                                         i->cleanup(&i->u, true);
1411                                         i->cleanup = NULL;
1412                                 }
1413                         }
1414                 }
1415         }
1416
1417         /* Close unlocks everything. */
1418         locks = add_lock(locks, fd, 0, off_max(), F_UNLCK);
1419         return close(fd);
1420 }
1421
1422 /* Zero length means "to end of file" */
1423 static off_t end_of(off_t start, off_t len)
1424 {
1425         if (len == 0)
1426                 return off_max();
1427         return start + len - 1;
1428 }
1429
1430 /* FIXME: This only handles locks, really. */
1431 int failtest_fcntl(int fd, const char *file, unsigned line, int cmd, ...)
1432 {
1433         struct failtest_call *p;
1434         struct fcntl_call call;
1435         va_list ap;
1436
1437         call.fd = fd;
1438         call.cmd = cmd;
1439
1440         /* Argument extraction. */
1441         switch (cmd) {
1442         case F_SETFL:
1443         case F_SETFD:
1444                 va_start(ap, cmd);
1445                 call.arg.l = va_arg(ap, long);
1446                 va_end(ap);
1447                 return fcntl(fd, cmd, call.arg.l);
1448         case F_GETFD:
1449         case F_GETFL:
1450                 return fcntl(fd, cmd);
1451         case F_GETLK:
1452                 get_locks();
1453                 va_start(ap, cmd);
1454                 call.arg.fl = *va_arg(ap, struct flock *);
1455                 va_end(ap);
1456                 return fcntl(fd, cmd, &call.arg.fl);
1457         case F_SETLK:
1458         case F_SETLKW:
1459                 va_start(ap, cmd);
1460                 call.arg.fl = *va_arg(ap, struct flock *);
1461                 va_end(ap);
1462                 break;
1463         default:
1464                 /* This means you need to implement it here. */
1465                 err(1, "failtest: unknown fcntl %u", cmd);
1466         }
1467
1468         p = add_history(FAILTEST_FCNTL, false, file, line, &call);
1469
1470         if (should_fail(p)) {
1471                 p->u.fcntl.ret = -1;
1472                 if (p->u.fcntl.cmd == F_SETLK)
1473                         p->error = EAGAIN;
1474                 else
1475                         p->error = EDEADLK;
1476         } else {
1477                 get_locks();
1478                 p->u.fcntl.ret = fcntl(p->u.fcntl.fd, p->u.fcntl.cmd,
1479                                        &p->u.fcntl.arg.fl);
1480                 if (p->u.fcntl.ret == -1)
1481                         p->error = errno;
1482                 else {
1483                         /* We don't handle anything else yet. */
1484                         assert(p->u.fcntl.arg.fl.l_whence == SEEK_SET);
1485                         locks = add_lock(locks,
1486                                          p->u.fcntl.fd,
1487                                          p->u.fcntl.arg.fl.l_start,
1488                                          end_of(p->u.fcntl.arg.fl.l_start,
1489                                                 p->u.fcntl.arg.fl.l_len),
1490                                          p->u.fcntl.arg.fl.l_type);
1491                 }
1492         }
1493         errno = p->error;
1494         return p->u.fcntl.ret;
1495 }
1496
1497 static void cleanup_lseek(struct lseek_call *call, bool restore)
1498 {
1499         if (restore) {
1500                 if (lseek(call->fd, call->old_off, SEEK_SET) != call->old_off)
1501                         fwarn("Restoring lseek pointer failed");
1502         }
1503 }
1504
1505 /* We trap this so we can undo it: we don't fail it. */
1506 off_t failtest_lseek(int fd, off_t offset, int whence, const char *file,
1507                      unsigned int line)
1508 {
1509         struct failtest_call *p;
1510         struct lseek_call call;
1511         call.fd = fd;
1512         call.offset = offset;
1513         call.whence = whence;
1514         call.old_off = lseek(fd, 0, SEEK_CUR);
1515
1516         p = add_history(FAILTEST_LSEEK, false, file, line, &call);
1517         p->fail = false;
1518
1519         /* Consume lseek from failpath. */
1520         if (failpath)
1521                 if (should_fail(p))
1522                         abort();
1523
1524         p->u.lseek.ret = lseek(fd, offset, whence);
1525
1526         if (p->u.lseek.ret != (off_t)-1)
1527                 set_cleanup(p, cleanup_lseek, struct lseek_call);
1528         return p->u.lseek.ret;
1529 }
1530
1531
1532 pid_t failtest_getpid(const char *file, unsigned line)
1533 {
1534         /* You must call failtest_init first! */
1535         assert(orig_pid);
1536         return orig_pid;
1537 }
1538         
1539 void failtest_init(int argc, char *argv[])
1540 {
1541         unsigned int i;
1542
1543         orig_pid = getpid();
1544
1545         warnfd = move_fd_to_high(dup(STDERR_FILENO));
1546         for (i = 1; i < argc; i++) {
1547                 if (!strncmp(argv[i], "--failpath=", strlen("--failpath="))) {
1548                         failpath = argv[i] + strlen("--failpath=");
1549                 } else if (strcmp(argv[i], "--tracepath") == 0) {
1550                         tracefd = warnfd;
1551                         failtest_timeout_ms = -1;
1552                 } else if (!strncmp(argv[i], "--debugpath=",
1553                                     strlen("--debugpath="))) {
1554                         debugpath = argv[i] + strlen("--debugpath=");
1555                 }
1556         }
1557         failtable_init(&failtable);
1558         start = time_now();
1559 }
1560
1561 bool failtest_has_failed(void)
1562 {
1563         return control_fd != -1;
1564 }
1565
1566 void failtest_exit(int status)
1567 {
1568         if (failtest_exit_check) {
1569                 if (!failtest_exit_check(&history))
1570                         child_fail(NULL, 0, "failtest_exit_check failed\n");
1571         }
1572
1573         failtest_cleanup(false, status);
1574 }