1 /* Licensed under LGPL - see LICENSE file for details */
2 #include <ccan/failtest/failtest.h>
12 #include <sys/types.h>
19 #include <ccan/time/time.h>
20 #include <ccan/read_write_all/read_write_all.h>
21 #include <ccan/failtest/failtest_proto.h>
22 #include <ccan/build_assert/build_assert.h>
23 #include <ccan/hash/hash.h>
24 #include <ccan/htable/htable_type.h>
25 #include <ccan/str/str.h>
26 #include <ccan/compiler/compiler.h>
28 enum failtest_result (*failtest_hook)(struct tlist_calls *);
30 static int tracefd = -1;
31 static int traceindent = 0;
34 unsigned int failtest_timeout_ms = 20000;
37 const char *debugpath;
49 /* end is inclusive: you can't have a 0-byte lock. */
54 /* We hash the call location together with its backtrace. */
55 static size_t hash_call(const struct failtest_call *call)
57 return hash(call->file, strlen(call->file),
59 hash(call->backtrace, call->backtrace_num,
63 static bool call_eq(const struct failtest_call *call1,
64 const struct failtest_call *call2)
68 if (strcmp(call1->file, call2->file) != 0
69 || call1->line != call2->line
70 || call1->type != call2->type
71 || call1->backtrace_num != call2->backtrace_num)
74 for (i = 0; i < call1->backtrace_num; i++)
75 if (call1->backtrace[i] != call2->backtrace[i])
81 /* Defines struct failtable. */
82 HTABLE_DEFINE_TYPE(struct failtest_call, (struct failtest_call *), hash_call,
85 bool (*failtest_exit_check)(struct tlist_calls *history);
87 /* The entire history of all calls. */
88 static struct tlist_calls history = TLIST_INIT(history);
89 /* If we're a child, the fd two write control info to the parent. */
90 static int control_fd = -1;
91 /* If we're a child, this is the first call we did ourselves. */
92 static struct failtest_call *our_history_start = NULL;
93 /* For printing runtime with --trace. */
94 static struct timeval start;
95 /* Set when failtest_hook returns FAIL_PROBE */
96 static bool probing = false;
97 /* Table to track duplicates. */
98 static struct failtable failtable;
100 /* Array of writes which our child did. We report them on failure. */
101 static struct write_call *child_writes = NULL;
102 static unsigned int child_writes_num = 0;
104 /* fcntl locking info. */
105 static pid_t lock_owner;
106 static struct lock_info *locks = NULL;
107 static unsigned int lock_num = 0;
109 /* Our original pid, which we return to anyone who asks. */
110 static pid_t orig_pid;
112 /* Mapping from failtest_type to char. */
113 static const char info_to_arg[] = "mceoxprwfal";
115 /* Dummy call used for failtest_undo wrappers. */
116 static struct failtest_call unrecorded_call;
118 struct contents_saved {
125 /* File contents, saved in this child only. */
126 struct saved_mmapped_file {
127 struct saved_mmapped_file *next;
128 struct failtest_call *opener;
129 struct contents_saved *s;
132 static struct saved_mmapped_file *saved_mmapped_files;
135 #include <execinfo.h>
137 static void **get_backtrace(unsigned int *num)
139 static unsigned int max_back = 100;
143 ret = malloc(max_back * sizeof(void *));
144 *num = backtrace(ret, max_back);
145 if (*num == max_back) {
153 /* This will test slightly less, since will consider all of the same
154 * calls as identical. But, it's slightly faster! */
155 static void **get_backtrace(unsigned int *num)
160 #endif /* HAVE_BACKTRACE */
162 static struct failtest_call *add_history_(enum failtest_call_type type,
169 struct failtest_call *call;
171 /* NULL file is how we suppress failure. */
173 return &unrecorded_call;
175 call = malloc(sizeof *call);
177 call->can_leak = can_leak;
180 call->cleanup = NULL;
181 call->backtrace = get_backtrace(&call->backtrace_num);
182 memcpy(&call->u, elem, elem_size);
183 tlist_add_tail(&history, call, list);
187 #define add_history(type, can_leak, file, line, elem) \
188 add_history_((type), (can_leak), (file), (line), (elem), sizeof(*(elem)))
190 /* We do a fake call inside a sizeof(), to check types. */
191 #define set_cleanup(call, clean, type) \
192 (call)->cleanup = (void *)((void)sizeof(clean((type *)NULL, false),1), (clean))
194 /* Dup the fd to a high value (out of the way I hope!), and close the old fd. */
195 static int move_fd_to_high(int fd)
199 for (i = FD_SETSIZE - 1; i >= 0; i--) {
200 if (fcntl(i, F_GETFL) == -1 && errno == EBADF) {
201 if (dup2(fd, i) == -1)
202 err(1, "Failed to dup fd %i to %i", fd, i);
207 /* Nothing? Really? Er... ok? */
211 static bool read_write_info(int fd)
213 struct write_call *w;
216 /* We don't need all of this, but it's simple. */
217 child_writes = realloc(child_writes,
218 (child_writes_num+1) * sizeof(child_writes[0]));
219 w = &child_writes[child_writes_num];
220 if (!read_all(fd, w, sizeof(*w)))
223 w->buf = buf = malloc(w->count);
224 if (!read_all(fd, buf, w->count))
231 static char *failpath_string(void)
233 struct failtest_call *i;
234 char *ret = strdup("");
237 /* Inefficient, but who cares? */
238 tlist_for_each(&history, i, list) {
239 ret = realloc(ret, len + 2);
240 ret[len] = info_to_arg[i->type];
242 ret[len] = toupper(ret[len]);
248 static void warn_via_fd(int e, const char *fmt, va_list ap)
250 char *p = failpath_string();
252 vdprintf(warnfd, fmt, ap);
254 dprintf(warnfd, ": %s", strerror(e));
255 dprintf(warnfd, " [%s]\n", p);
259 static void fwarn(const char *fmt, ...)
265 warn_via_fd(e, fmt, ap);
270 static void fwarnx(const char *fmt, ...)
275 warn_via_fd(-1, fmt, ap);
279 static void tell_parent(enum info_type type)
281 if (control_fd != -1)
282 write_all(control_fd, &type, sizeof(type));
285 static void child_fail(const char *out, size_t outlen, const char *fmt, ...)
288 char *path = failpath_string();
291 vfprintf(stderr, fmt, ap);
294 fprintf(stderr, "%.*s", (int)outlen, out);
295 printf("To reproduce: --failpath=%s\n", path);
297 tell_parent(FAILURE);
301 static void PRINTF_FMT(1, 2) trace(const char *fmt, ...)
309 for (i = 0; i < traceindent; i++)
310 dprintf(tracefd, " ");
312 dprintf(tracefd, "%u: ", getpid());
314 vdprintf(tracefd, fmt, ap);
320 static void hand_down(int signum)
325 static void release_locks(void)
327 /* Locks were never acquired/reacquired? */
331 /* We own them? Release them all. */
332 if (lock_owner == getpid()) {
336 fl.l_whence = SEEK_SET;
340 trace("Releasing %u locks\n", lock_num);
341 for (i = 0; i < lock_num; i++)
342 fcntl(locks[i].fd, F_SETLK, &fl);
344 /* Our parent must have them; pass request up. */
345 enum info_type type = RELEASE_LOCKS;
346 assert(control_fd != -1);
347 write_all(control_fd, &type, sizeof(type));
352 /* off_t is a signed type. Getting its max is non-trivial. */
353 static off_t off_max(void)
355 BUILD_ASSERT(sizeof(off_t) == 4 || sizeof(off_t) == 8);
356 if (sizeof(off_t) == 4)
357 return (off_t)0x7FFFFFF;
359 return (off_t)0x7FFFFFFFFFFFFFFULL;
362 static void get_locks(void)
367 if (lock_owner == getpid())
370 if (lock_owner != 0) {
371 enum info_type type = RELEASE_LOCKS;
372 assert(control_fd != -1);
373 trace("Asking parent to release locks\n");
374 write_all(control_fd, &type, sizeof(type));
377 fl.l_whence = SEEK_SET;
379 for (i = 0; i < lock_num; i++) {
380 fl.l_type = locks[i].type;
381 fl.l_start = locks[i].start;
382 if (locks[i].end == off_max())
385 fl.l_len = locks[i].end - locks[i].start + 1;
387 if (fcntl(locks[i].fd, F_SETLKW, &fl) != 0)
390 trace("Acquired %u locks\n", lock_num);
391 lock_owner = getpid();
395 static struct contents_saved *save_contents(const char *filename,
396 int fd, size_t count, off_t off,
399 struct contents_saved *s = malloc(sizeof(*s) + count);
404 ret = pread(fd, s->contents, count, off);
406 fwarn("failtest_write: failed to save old contents!");
411 /* Use lseek to get the size of file, but we have to restore
413 off = lseek(fd, 0, SEEK_CUR);
414 s->old_len = lseek(fd, 0, SEEK_END);
415 lseek(fd, off, SEEK_SET);
417 trace("Saving %p %s %zu@%llu after %s (filelength %llu) via fd %i\n",
418 s, filename, s->count, (long long)s->off, why,
419 (long long)s->old_len, fd);
423 static void restore_contents(struct failtest_call *opener,
424 struct contents_saved *s,
430 /* The top parent doesn't need to restore. */
431 if (control_fd == -1)
434 /* Has the fd been closed? */
435 if (opener->u.open.closed) {
436 /* Reopen, replace fd, close silently as we clean up. */
437 fd = open(opener->u.open.pathname, O_RDWR);
439 fwarn("failtest: could not reopen %s to clean up %s!",
440 opener->u.open.pathname, caller);
443 /* Make it clearly distinguisable from a "normal" fd. */
444 fd = move_fd_to_high(fd);
445 trace("Reopening %s to restore it (was fd %i, now %i)\n",
446 opener->u.open.pathname, opener->u.open.ret, fd);
447 opener->u.open.ret = fd;
448 opener->u.open.closed = false;
450 fd = opener->u.open.ret;
452 trace("Restoring %p %s %zu@%llu after %s (filelength %llu) via fd %i\n",
453 s, opener->u.open.pathname, s->count, (long long)s->off, caller,
454 (long long)s->old_len, fd);
455 if (pwrite(fd, s->contents, s->count, s->off) != s->count) {
456 fwarn("failtest: write failed cleaning up %s for %s!",
457 opener->u.open.pathname, caller);
460 if (ftruncate(fd, s->old_len) != 0) {
461 fwarn("failtest_write: truncate failed cleaning up %s for %s!",
462 opener->u.open.pathname, caller);
465 if (restore_offset) {
466 trace("Restoring offset of fd %i to %llu\n",
467 fd, (long long)s->off);
468 lseek(fd, s->off, SEEK_SET);
472 /* We save/restore most things on demand, but always do mmaped files. */
473 static void save_mmapped_files(void)
475 struct failtest_call *i;
476 trace("Saving mmapped files in child\n");
478 tlist_for_each_rev(&history, i, list) {
479 struct mmap_call *m = &i->u.mmap;
480 struct saved_mmapped_file *s;
482 if (i->type != FAILTEST_MMAP)
485 /* FIXME: We only handle mmapped files where fd is still open. */
486 if (m->opener->u.open.closed)
489 s = malloc(sizeof *s);
490 s->s = save_contents(m->opener->u.open.pathname,
491 m->fd, m->length, m->offset,
492 "mmapped file before fork");
493 s->opener = m->opener;
494 s->next = saved_mmapped_files;
495 saved_mmapped_files = s;
499 static void free_mmapped_files(bool restore)
501 trace("%s mmapped files in child\n",
502 restore ? "Restoring" : "Discarding");
503 while (saved_mmapped_files) {
504 struct saved_mmapped_file *next = saved_mmapped_files->next;
506 restore_contents(saved_mmapped_files->opener,
507 saved_mmapped_files->s, false,
509 free(saved_mmapped_files->s);
510 free(saved_mmapped_files);
511 saved_mmapped_files = next;
515 /* Returns a FAILTEST_OPEN, FAILTEST_PIPE or NULL. */
516 static struct failtest_call *opener_of(int fd)
518 struct failtest_call *i;
520 /* Don't get confused and match genuinely failed opens. */
524 /* Figure out the set of live fds. */
525 tlist_for_each_rev(&history, i, list) {
530 if (i->u.close.fd == fd) {
535 if (i->u.open.ret == fd) {
536 if (i->u.open.closed)
542 if (i->u.pipe.fds[0] == fd || i->u.pipe.fds[1] == fd) {
551 /* FIXME: socket, dup, etc are untracked! */
555 static void free_call(struct failtest_call *call)
557 /* We don't do this in cleanup: needed even for failed opens. */
558 if (call->type == FAILTEST_OPEN)
559 free((char *)call->u.open.pathname);
560 free(call->backtrace);
561 tlist_del_from(&history, call, list);
565 /* Free up memory, so valgrind doesn't report leaks. */
566 static void free_everything(void)
568 struct failtest_call *i;
570 while ((i = tlist_top(&history, struct failtest_call, list)) != NULL)
573 failtable_clear(&failtable);
576 static NORETURN void failtest_cleanup(bool forced_cleanup, int status)
578 struct failtest_call *i;
581 /* For children, we don't care if they "failed" the testing. */
582 if (control_fd != -1)
585 /* We don't restore contents for original parent. */
588 /* Cleanup everything, in reverse order. */
589 tlist_for_each_rev(&history, i, list) {
590 /* Don't restore things our parent did. */
591 if (i == our_history_start)
598 i->cleanup(&i->u, restore);
600 /* But their program shouldn't leak, even on failure. */
601 if (!forced_cleanup && i->can_leak) {
602 printf("Leak at %s:%u: --failpath=%s\n",
603 i->file, i->line, failpath_string());
608 /* Put back mmaped files the way our parent (if any) expects. */
609 free_mmapped_files(true);
613 tell_parent(SUCCESS);
615 tell_parent(FAILURE);
619 static bool following_path(void)
623 /* + means continue after end, like normal. */
624 if (*failpath == '+') {
631 static bool follow_path(struct failtest_call *call)
633 if (*failpath == '\0') {
634 /* Continue, but don't inject errors. */
635 return call->fail = false;
638 if (tolower((unsigned char)*failpath) != info_to_arg[call->type])
639 errx(1, "Failpath expected '%s' got '%c'\n",
640 failpath, info_to_arg[call->type]);
641 call->fail = cisupper(*(failpath++));
643 call->can_leak = false;
647 static bool should_fail(struct failtest_call *call)
650 int control[2], output[2];
651 enum info_type type = UNEXPECTED;
654 struct failtest_call *dup;
656 if (call == &unrecorded_call)
659 if (following_path())
660 return follow_path(call);
662 /* Attach debugger if they asked for it. */
666 /* Pretend this last call matches whatever path wanted:
667 * keeps valgrind happy. */
668 call->fail = cisupper(debugpath[strlen(debugpath)-1]);
669 path = failpath_string();
671 if (streq(path, debugpath)) {
675 signal(SIGUSR1, SIG_IGN);
676 sprintf(str, "xterm -e gdb /proc/%d/exe %d &",
678 if (system(str) == 0)
681 /* Ignore last character: could be upper or lower. */
682 path[strlen(path)-1] = '\0';
683 if (!strstarts(debugpath, path)) {
685 "--debugpath not followed: %s\n", path);
692 /* Are we probing? If so, we never fail twice. */
694 trace("Not failing %c due to FAIL_PROBE return\n",
695 info_to_arg[call->type]);
696 return call->fail = false;
699 /* Don't fail more than once in the same place. */
700 dup = failtable_get(&failtable, call);
702 trace("Not failing %c due to duplicate\n",
703 info_to_arg[call->type]);
704 return call->fail = false;
708 switch (failtest_hook(&history)) {
715 trace("Not failing %c due to failhook return\n",
716 info_to_arg[call->type]);
724 /* Add it to our table of calls. */
725 failtable_add(&failtable, call);
727 /* We're going to fail in the child. */
729 if (pipe(control) != 0 || pipe(output) != 0)
730 err(1, "opening pipe");
732 /* Move out the way, to high fds. */
733 control[0] = move_fd_to_high(control[0]);
734 control[1] = move_fd_to_high(control[1]);
735 output[0] = move_fd_to_high(output[0]);
736 output[1] = move_fd_to_high(output[1]);
738 /* Prevent double-printing (in child and parent) */
742 err(1, "forking failed");
750 struct failtest_call *c;
752 c = tlist_tail(&history, struct failtest_call, list);
753 diff = time_sub(time_now(), start);
754 failpath = failpath_string();
755 trace("%u->%u (%u.%02u): %s (", getppid(), getpid(),
756 (int)diff.tv_sec, (int)diff.tv_usec / 10000,
759 p = strrchr(c->file, '/');
763 trace("%s", c->file);
764 trace(":%u)\n", c->line);
766 /* From here on, we have to clean up! */
767 our_history_start = tlist_tail(&history, struct failtest_call,
771 /* Don't swallow stderr if we're tracing. */
773 dup2(output[1], STDOUT_FILENO);
774 dup2(output[1], STDERR_FILENO);
775 if (output[1] != STDOUT_FILENO
776 && output[1] != STDERR_FILENO)
779 control_fd = move_fd_to_high(control[1]);
781 /* Forget any of our parent's saved files. */
782 free_mmapped_files(false);
784 /* Now, save any files we need to. */
785 save_mmapped_files();
787 /* Failed calls can't leak. */
788 call->can_leak = false;
793 signal(SIGUSR1, hand_down);
798 /* We grab output so we can display it; we grab writes so we
801 struct pollfd pfd[2];
804 pfd[0].fd = output[0];
805 pfd[0].events = POLLIN|POLLHUP;
806 pfd[1].fd = control[0];
807 pfd[1].events = POLLIN|POLLHUP;
810 ret = poll(pfd, 1, failtest_timeout_ms);
812 ret = poll(pfd, 2, failtest_timeout_ms);
819 err(1, "Poll returned %i", ret);
822 if (pfd[0].revents & POLLIN) {
825 out = realloc(out, outlen + 8192);
826 len = read(output[0], out + outlen, 8192);
828 } else if (type != SUCCESS && (pfd[1].revents & POLLIN)) {
829 if (read_all(control[0], &type, sizeof(type))) {
831 if (!read_write_info(control[0]))
833 } else if (type == RELEASE_LOCKS) {
835 /* FIXME: Tell them we're done... */
838 } else if (pfd[0].revents & POLLHUP) {
841 } while (type != FAILURE);
845 waitpid(child, &status, 0);
846 if (!WIFEXITED(status)) {
847 if (WTERMSIG(status) == SIGUSR1)
848 child_fail(out, outlen, "Timed out");
850 child_fail(out, outlen, "Killed by signal %u: ",
853 /* Child printed failure already, just pass up exit code. */
854 if (type == FAILURE) {
855 fprintf(stderr, "%.*s", (int)outlen, out);
857 exit(WEXITSTATUS(status) ? WEXITSTATUS(status) : 1);
859 if (WEXITSTATUS(status) != 0)
860 child_fail(out, outlen, "Exited with status %i: ",
861 WEXITSTATUS(status));
864 signal(SIGUSR1, SIG_DFL);
866 /* Only child does probe. */
869 /* We continue onwards without failing. */
874 static void cleanup_calloc(struct calloc_call *call, bool restore)
876 trace("undoing calloc %p\n", call->ret);
880 void *failtest_calloc(size_t nmemb, size_t size,
881 const char *file, unsigned line)
883 struct failtest_call *p;
884 struct calloc_call call;
887 p = add_history(FAILTEST_CALLOC, true, file, line, &call);
889 if (should_fail(p)) {
890 p->u.calloc.ret = NULL;
893 p->u.calloc.ret = calloc(nmemb, size);
894 set_cleanup(p, cleanup_calloc, struct calloc_call);
896 trace("calloc %zu x %zu %s:%u -> %p\n",
897 nmemb, size, file, line, p->u.calloc.ret);
899 return p->u.calloc.ret;
902 static void cleanup_malloc(struct malloc_call *call, bool restore)
904 trace("undoing malloc %p\n", call->ret);
908 void *failtest_malloc(size_t size, const char *file, unsigned line)
910 struct failtest_call *p;
911 struct malloc_call call;
914 p = add_history(FAILTEST_MALLOC, true, file, line, &call);
915 if (should_fail(p)) {
916 p->u.malloc.ret = NULL;
919 p->u.malloc.ret = malloc(size);
920 set_cleanup(p, cleanup_malloc, struct malloc_call);
922 trace("malloc %zu %s:%u -> %p\n",
923 size, file, line, p->u.malloc.ret);
925 return p->u.malloc.ret;
928 static void cleanup_realloc(struct realloc_call *call, bool restore)
930 trace("undoing realloc %p\n", call->ret);
934 /* Walk back and find out if we got this ptr from a previous routine. */
935 static void fixup_ptr_history(void *ptr, const char *why)
937 struct failtest_call *i;
939 /* Start at end of history, work back. */
940 tlist_for_each_rev(&history, i, list) {
942 case FAILTEST_REALLOC:
943 if (i->u.realloc.ret == ptr) {
944 trace("found realloc %p %s:%u matching %s\n",
945 ptr, i->file, i->line, why);
951 case FAILTEST_MALLOC:
952 if (i->u.malloc.ret == ptr) {
953 trace("found malloc %p %s:%u matching %s\n",
954 ptr, i->file, i->line, why);
960 case FAILTEST_CALLOC:
961 if (i->u.calloc.ret == ptr) {
962 trace("found calloc %p %s:%u matching %s\n",
963 ptr, i->file, i->line, why);
973 trace("Did not find %p matching %s\n", ptr, why);
976 void *failtest_realloc(void *ptr, size_t size, const char *file, unsigned line)
978 struct failtest_call *p;
979 struct realloc_call call;
981 p = add_history(FAILTEST_REALLOC, true, file, line, &call);
983 /* FIXME: Try one child moving allocation, one not. */
984 if (should_fail(p)) {
985 p->u.realloc.ret = NULL;
988 /* Don't catch this one in the history fixup... */
989 p->u.realloc.ret = NULL;
990 fixup_ptr_history(ptr, "realloc");
991 p->u.realloc.ret = realloc(ptr, size);
992 set_cleanup(p, cleanup_realloc, struct realloc_call);
994 trace("realloc %p %s:%u -> %p\n",
995 ptr, file, line, p->u.realloc.ret);
997 return p->u.realloc.ret;
1000 /* FIXME: Record free, so we can terminate fixup_ptr_history correctly.
1001 * If there's an alloc we don't see, it could get confusing if it matches
1002 * a previous allocation we did see. */
1003 void failtest_free(void *ptr)
1005 fixup_ptr_history(ptr, "free");
1006 trace("free %p\n", ptr);
1011 static struct contents_saved *save_file(const char *pathname)
1014 struct contents_saved *s;
1016 fd = open(pathname, O_RDONLY);
1020 s = save_contents(pathname, fd, lseek(fd, 0, SEEK_END), 0,
1021 "open with O_TRUNC");
1026 /* Optimization: don't create a child for an open which *we know*
1027 * would fail anyway. */
1028 static bool open_would_fail(const char *pathname, int flags)
1030 if ((flags & O_ACCMODE) == O_RDONLY)
1031 return access(pathname, R_OK) != 0;
1032 if (!(flags & O_CREAT)) {
1033 if ((flags & O_ACCMODE) == O_WRONLY)
1034 return access(pathname, W_OK) != 0;
1035 if ((flags & O_ACCMODE) == O_RDWR)
1036 return access(pathname, W_OK) != 0
1037 || access(pathname, R_OK) != 0;
1039 /* FIXME: We could check if it exists, for O_CREAT|O_EXCL */
1043 static void cleanup_open(struct open_call *call, bool restore)
1045 if (restore && call->saved)
1046 restore_contents(container_of(call, struct failtest_call,
1048 call->saved, false, "open with O_TRUNC");
1049 if (!call->closed) {
1050 trace("Cleaning up open %s by closing fd %i\n",
1051 call->pathname, call->ret);
1053 call->closed = true;
1058 int failtest_open(const char *pathname,
1059 const char *file, unsigned line, ...)
1061 struct failtest_call *p;
1062 struct open_call call;
1065 call.pathname = strdup(pathname);
1067 call.flags = va_arg(ap, int);
1068 call.always_save = false;
1069 call.closed = false;
1070 if (call.flags & O_CREAT) {
1071 call.mode = va_arg(ap, int);
1074 p = add_history(FAILTEST_OPEN, true, file, line, &call);
1075 /* Avoid memory leak! */
1076 if (p == &unrecorded_call)
1077 free((char *)call.pathname);
1079 if (should_fail(p)) {
1080 /* Don't bother inserting failures that would happen anyway. */
1081 if (open_would_fail(pathname, call.flags)) {
1082 trace("Open would have failed anyway: stopping\n");
1083 failtest_cleanup(true, 0);
1086 /* FIXME: Play with error codes? */
1089 /* Save the old version if they're truncating it. */
1090 if (call.flags & O_TRUNC)
1091 p->u.open.saved = save_file(pathname);
1093 p->u.open.saved = NULL;
1094 p->u.open.ret = open(pathname, call.flags, call.mode);
1095 if (p->u.open.ret == -1) {
1096 p->u.open.closed = true;
1097 p->can_leak = false;
1099 set_cleanup(p, cleanup_open, struct open_call);
1102 trace("open %s %s:%u -> %i (opener %p)\n",
1103 pathname, file, line, p->u.open.ret, &p->u.open);
1105 return p->u.open.ret;
1108 static void cleanup_mmap(struct mmap_call *mmap, bool restore)
1110 trace("cleaning up mmap @%p (opener %p)\n",
1111 mmap->ret, mmap->opener);
1113 restore_contents(mmap->opener, mmap->saved, false, "mmap");
1117 void *failtest_mmap(void *addr, size_t length, int prot, int flags,
1118 int fd, off_t offset, const char *file, unsigned line)
1120 struct failtest_call *p;
1121 struct mmap_call call;
1124 call.length = length;
1127 call.offset = offset;
1129 call.opener = opener_of(fd);
1131 /* If we don't know what file it was, don't fail. */
1134 fwarnx("failtest_mmap: couldn't figure out source for"
1135 " fd %i at %s:%u", fd, file, line);
1137 addr = mmap(addr, length, prot, flags, fd, offset);
1138 trace("mmap of fd %i -> %p (opener = NULL)\n", fd, addr);
1142 p = add_history(FAILTEST_MMAP, false, file, line, &call);
1143 if (should_fail(p)) {
1144 p->u.mmap.ret = MAP_FAILED;
1147 p->u.mmap.ret = mmap(addr, length, prot, flags, fd, offset);
1148 /* Save contents if we're writing to a normal file */
1149 if (p->u.mmap.ret != MAP_FAILED
1150 && (prot & PROT_WRITE)
1151 && call.opener->type == FAILTEST_OPEN) {
1152 const char *fname = call.opener->u.open.pathname;
1153 p->u.mmap.saved = save_contents(fname, fd, length,
1154 offset, "being mmapped");
1155 set_cleanup(p, cleanup_mmap, struct mmap_call);
1158 trace("mmap of fd %i %s:%u -> %p (opener = %p)\n",
1159 fd, file, line, addr, call.opener);
1161 return p->u.mmap.ret;
1164 static void cleanup_pipe(struct pipe_call *call, bool restore)
1166 trace("cleaning up pipe fd=%i%s,%i%s\n",
1167 call->fds[0], call->closed[0] ? "(already closed)" : "",
1168 call->fds[1], call->closed[1] ? "(already closed)" : "");
1169 if (!call->closed[0])
1170 close(call->fds[0]);
1171 if (!call->closed[1])
1172 close(call->fds[1]);
1175 int failtest_pipe(int pipefd[2], const char *file, unsigned line)
1177 struct failtest_call *p;
1178 struct pipe_call call;
1180 p = add_history(FAILTEST_PIPE, true, file, line, &call);
1181 if (should_fail(p)) {
1183 /* FIXME: Play with error codes? */
1186 p->u.pipe.ret = pipe(p->u.pipe.fds);
1187 p->u.pipe.closed[0] = p->u.pipe.closed[1] = false;
1188 set_cleanup(p, cleanup_pipe, struct pipe_call);
1191 trace("pipe %s:%u -> %i,%i\n", file, line,
1192 p->u.pipe.ret ? -1 : p->u.pipe.fds[0],
1193 p->u.pipe.ret ? -1 : p->u.pipe.fds[1]);
1195 /* This causes valgrind to notice if they use pipefd[] after failure */
1196 memcpy(pipefd, p->u.pipe.fds, sizeof(p->u.pipe.fds));
1198 return p->u.pipe.ret;
1201 static void cleanup_read(struct read_call *call, bool restore)
1204 trace("cleaning up read on fd %i: seeking to %llu\n",
1205 call->fd, (long long)call->off);
1207 /* Read (not readv!) moves file offset! */
1208 if (lseek(call->fd, call->off, SEEK_SET) != call->off) {
1209 fwarn("Restoring lseek pointer failed (read)");
1214 static ssize_t failtest_add_read(int fd, void *buf, size_t count, off_t off,
1215 bool is_pread, const char *file, unsigned line)
1217 struct failtest_call *p;
1218 struct read_call call;
1223 p = add_history(FAILTEST_READ, false, file, line, &call);
1225 /* FIXME: Try partial read returns. */
1226 if (should_fail(p)) {
1231 p->u.read.ret = pread(fd, buf, count, off);
1233 p->u.read.ret = read(fd, buf, count);
1234 if (p->u.read.ret != -1)
1235 set_cleanup(p, cleanup_read, struct read_call);
1238 trace("%sread %s:%u fd %i %zu@%llu -> %i\n",
1239 is_pread ? "p" : "", file, line, fd, count, (long long)off,
1242 return p->u.read.ret;
1245 static void cleanup_write(struct write_call *write, bool restore)
1247 trace("cleaning up write on %s\n", write->opener->u.open.pathname);
1249 restore_contents(write->opener, write->saved, !write->is_pwrite,
1254 static ssize_t failtest_add_write(int fd, const void *buf,
1255 size_t count, off_t off,
1257 const char *file, unsigned line)
1259 struct failtest_call *p;
1260 struct write_call call;
1266 call.is_pwrite = is_pwrite;
1267 call.opener = opener_of(fd);
1268 p = add_history(FAILTEST_WRITE, false, file, line, &call);
1270 /* If we're a child, we need to make sure we write the same thing
1271 * to non-files as the parent does, so tell it. */
1272 if (control_fd != -1 && off == (off_t)-1) {
1273 enum info_type type = WRITE;
1275 write_all(control_fd, &type, sizeof(type));
1276 write_all(control_fd, &p->u.write, sizeof(p->u.write));
1277 write_all(control_fd, buf, count);
1280 /* FIXME: Try partial write returns. */
1281 if (should_fail(p)) {
1282 p->u.write.ret = -1;
1286 assert(call.opener == p->u.write.opener);
1288 if (p->u.write.opener) {
1289 is_file = (p->u.write.opener->type == FAILTEST_OPEN);
1291 /* We can't unwind it, so at least check same
1292 * in parent and child. */
1296 /* FIXME: We assume same write order in parent and child */
1297 if (!is_file && child_writes_num != 0) {
1298 if (child_writes[0].fd != fd)
1299 errx(1, "Child wrote to fd %u, not %u?",
1300 child_writes[0].fd, fd);
1301 if (child_writes[0].off != p->u.write.off)
1302 errx(1, "Child wrote to offset %zu, not %zu?",
1303 (size_t)child_writes[0].off,
1304 (size_t)p->u.write.off);
1305 if (child_writes[0].count != count)
1306 errx(1, "Child wrote length %zu, not %zu?",
1307 child_writes[0].count, count);
1308 if (memcmp(child_writes[0].buf, buf, count)) {
1310 "Child wrote differently to"
1311 " fd %u than we did!\n", fd);
1313 free((char *)child_writes[0].buf);
1315 memmove(&child_writes[0], &child_writes[1],
1316 sizeof(child_writes[0]) * child_writes_num);
1318 /* Child wrote it already. */
1319 trace("write %s:%i on fd %i already done by child\n",
1321 p->u.write.ret = count;
1323 return p->u.write.ret;
1327 p->u.write.saved = save_contents(call.opener->u.open.pathname,
1329 "being overwritten");
1330 set_cleanup(p, cleanup_write, struct write_call);
1333 /* Though off is current seek ptr for write case, we need to
1334 * move it. write() does that for us. */
1335 if (p->u.write.is_pwrite)
1336 p->u.write.ret = pwrite(fd, buf, count, off);
1338 p->u.write.ret = write(fd, buf, count);
1340 trace("%swrite %s:%i %zu@%llu on fd %i -> %i\n",
1341 p->u.write.is_pwrite ? "p" : "",
1342 file, line, count, (long long)off, fd, p->u.write.ret);
1344 return p->u.write.ret;
1347 ssize_t failtest_pwrite(int fd, const void *buf, size_t count, off_t offset,
1348 const char *file, unsigned line)
1350 return failtest_add_write(fd, buf, count, offset, true, file, line);
1353 ssize_t failtest_write(int fd, const void *buf, size_t count,
1354 const char *file, unsigned line)
1356 return failtest_add_write(fd, buf, count, lseek(fd, 0, SEEK_CUR), false,
1360 ssize_t failtest_pread(int fd, void *buf, size_t count, off_t off,
1361 const char *file, unsigned line)
1363 return failtest_add_read(fd, buf, count, off, true, file, line);
1366 ssize_t failtest_read(int fd, void *buf, size_t count,
1367 const char *file, unsigned line)
1369 return failtest_add_read(fd, buf, count, lseek(fd, 0, SEEK_CUR), false,
1373 static struct lock_info *WARN_UNUSED_RESULT
1374 add_lock(struct lock_info *locks, int fd, off_t start, off_t end, int type)
1377 struct lock_info *l;
1379 for (i = 0; i < lock_num; i++) {
1384 /* Four cases we care about:
1398 if (start > l->start && end < l->end) {
1399 /* Mid overlap: trim entry, add new one. */
1400 off_t new_start, new_end;
1401 new_start = end + 1;
1403 trace("splitting lock on fd %i from %llu-%llu"
1405 fd, (long long)l->start, (long long)l->end,
1406 (long long)l->start, (long long)start - 1);
1408 locks = add_lock(locks,
1409 fd, new_start, new_end, l->type);
1411 } else if (start <= l->start && end >= l->end) {
1412 /* Total overlap: eliminate entry. */
1413 trace("erasing lock on fd %i %llu-%llu\n",
1414 fd, (long long)l->start, (long long)l->end);
1417 } else if (end >= l->start && end < l->end) {
1418 trace("trimming lock on fd %i from %llu-%llu"
1420 fd, (long long)l->start, (long long)l->end,
1421 (long long)end + 1, (long long)l->end);
1422 /* Start overlap: trim entry. */
1424 } else if (start > l->start && start <= l->end) {
1425 trace("trimming lock on fd %i from %llu-%llu"
1427 fd, (long long)l->start, (long long)l->end,
1428 (long long)l->start, (long long)start - 1);
1429 /* End overlap: trim entry. */
1432 /* Nothing left? Remove it. */
1433 if (l->end < l->start) {
1434 trace("forgetting lock on fd %i\n", fd);
1435 memmove(l, l + 1, (--lock_num - i) * sizeof(l[0]));
1440 if (type != F_UNLCK) {
1441 locks = realloc(locks, (lock_num + 1) * sizeof(*locks));
1442 l = &locks[lock_num++];
1447 trace("new lock on fd %i %llu-%llu\n",
1448 fd, (long long)l->start, (long long)l->end);
1453 /* We trap this so we can record it: we don't fail it. */
1454 int failtest_close(int fd, const char *file, unsigned line)
1456 struct close_call call;
1457 struct failtest_call *p, *opener;
1459 /* Do this before we add ourselves to history! */
1460 opener = opener_of(fd);
1463 p = add_history(FAILTEST_CLOSE, false, file, line, &call);
1466 /* Consume close from failpath (shouldn't tell us to fail). */
1467 if (following_path()) {
1472 trace("close on fd %i\n", fd);
1476 /* Mark opener as not leaking, remove its cleanup function. */
1478 trace("close on fd %i found opener %p\n", fd, opener);
1479 if (opener->type == FAILTEST_PIPE) {
1481 if (opener->u.pipe.fds[0] == fd) {
1482 assert(!opener->u.pipe.closed[0]);
1483 opener->u.pipe.closed[0] = true;
1484 } else if (opener->u.pipe.fds[1] == fd) {
1485 assert(!opener->u.pipe.closed[1]);
1486 opener->u.pipe.closed[1] = true;
1489 opener->can_leak = (!opener->u.pipe.closed[0]
1490 || !opener->u.pipe.closed[1]);
1491 } else if (opener->type == FAILTEST_OPEN) {
1492 opener->u.open.closed = true;
1493 opener->can_leak = false;
1498 /* Restore offset now, in case parent shared (can't do after close!). */
1499 if (control_fd != -1) {
1500 struct failtest_call *i;
1502 tlist_for_each_rev(&history, i, list) {
1503 if (i == our_history_start)
1507 if (i->type == FAILTEST_LSEEK && i->u.lseek.fd == fd) {
1508 trace("close on fd %i undoes lseek\n", fd);
1509 /* This seeks back. */
1510 i->cleanup(&i->u, true);
1512 } else if (i->type == FAILTEST_WRITE
1513 && i->u.write.fd == fd
1514 && !i->u.write.is_pwrite) {
1515 trace("close on fd %i undoes write"
1516 " offset change\n", fd);
1517 /* Write (not pwrite!) moves file offset! */
1518 if (lseek(fd, i->u.write.off, SEEK_SET)
1519 != i->u.write.off) {
1520 fwarn("Restoring lseek pointer failed (write)");
1522 } else if (i->type == FAILTEST_READ
1523 && i->u.read.fd == fd) {
1524 /* preads don't *have* cleanups */
1526 trace("close on fd %i undoes read"
1527 " offset change\n", fd);
1528 /* This seeks back. */
1529 i->cleanup(&i->u, true);
1536 /* Close unlocks everything. */
1537 locks = add_lock(locks, fd, 0, off_max(), F_UNLCK);
1541 /* Zero length means "to end of file" */
1542 static off_t end_of(off_t start, off_t len)
1546 return start + len - 1;
1549 /* FIXME: This only handles locks, really. */
1550 int failtest_fcntl(int fd, const char *file, unsigned line, int cmd, ...)
1552 struct failtest_call *p;
1553 struct fcntl_call call;
1559 /* Argument extraction. */
1564 call.arg.l = va_arg(ap, long);
1566 trace("fcntl on fd %i F_SETFL/F_SETFD\n", fd);
1567 return fcntl(fd, cmd, call.arg.l);
1570 trace("fcntl on fd %i F_GETFL/F_GETFD\n", fd);
1571 return fcntl(fd, cmd);
1573 trace("fcntl on fd %i F_GETLK\n", fd);
1576 call.arg.fl = *va_arg(ap, struct flock *);
1578 return fcntl(fd, cmd, &call.arg.fl);
1581 trace("fcntl on fd %i F_SETLK%s\n",
1582 fd, cmd == F_SETLKW ? "W" : "");
1584 call.arg.fl = *va_arg(ap, struct flock *);
1588 /* This means you need to implement it here. */
1589 err(1, "failtest: unknown fcntl %u", cmd);
1592 p = add_history(FAILTEST_FCNTL, false, file, line, &call);
1594 if (should_fail(p)) {
1595 p->u.fcntl.ret = -1;
1596 if (p->u.fcntl.cmd == F_SETLK)
1602 p->u.fcntl.ret = fcntl(p->u.fcntl.fd, p->u.fcntl.cmd,
1603 &p->u.fcntl.arg.fl);
1604 if (p->u.fcntl.ret == -1)
1607 /* We don't handle anything else yet. */
1608 assert(p->u.fcntl.arg.fl.l_whence == SEEK_SET);
1609 locks = add_lock(locks,
1611 p->u.fcntl.arg.fl.l_start,
1612 end_of(p->u.fcntl.arg.fl.l_start,
1613 p->u.fcntl.arg.fl.l_len),
1614 p->u.fcntl.arg.fl.l_type);
1617 trace("fcntl on fd %i -> %i\n", fd, p->u.fcntl.ret);
1619 return p->u.fcntl.ret;
1622 static void cleanup_lseek(struct lseek_call *call, bool restore)
1625 trace("cleaning up lseek on fd %i -> %llu\n",
1626 call->fd, (long long)call->old_off);
1627 if (lseek(call->fd, call->old_off, SEEK_SET) != call->old_off)
1628 fwarn("Restoring lseek pointer failed");
1632 /* We trap this so we can undo it: we don't fail it. */
1633 off_t failtest_lseek(int fd, off_t offset, int whence, const char *file,
1636 struct failtest_call *p;
1637 struct lseek_call call;
1639 call.offset = offset;
1640 call.whence = whence;
1641 call.old_off = lseek(fd, 0, SEEK_CUR);
1643 p = add_history(FAILTEST_LSEEK, false, file, line, &call);
1646 /* Consume lseek from failpath. */
1651 p->u.lseek.ret = lseek(fd, offset, whence);
1653 if (p->u.lseek.ret != (off_t)-1)
1654 set_cleanup(p, cleanup_lseek, struct lseek_call);
1656 trace("lseek %s:%u on fd %i from %llu to %llu%s\n",
1657 file, line, fd, (long long)call.old_off, (long long)offset,
1658 whence == SEEK_CUR ? " (from current off)" :
1659 whence == SEEK_END ? " (from end)" :
1660 whence == SEEK_SET ? "" : " (invalid whence)");
1661 return p->u.lseek.ret;
1665 pid_t failtest_getpid(const char *file, unsigned line)
1667 /* You must call failtest_init first! */
1672 void failtest_init(int argc, char *argv[])
1676 orig_pid = getpid();
1678 warnfd = move_fd_to_high(dup(STDERR_FILENO));
1679 for (i = 1; i < argc; i++) {
1680 if (!strncmp(argv[i], "--failpath=", strlen("--failpath="))) {
1681 failpath = argv[i] + strlen("--failpath=");
1682 } else if (strcmp(argv[i], "--trace") == 0) {
1684 failtest_timeout_ms = -1;
1685 } else if (!strncmp(argv[i], "--debugpath=",
1686 strlen("--debugpath="))) {
1687 debugpath = argv[i] + strlen("--debugpath=");
1690 failtable_init(&failtable);
1694 bool failtest_has_failed(void)
1696 return control_fd != -1;
1699 void failtest_exit(int status)
1701 trace("failtest_exit with status %i\n", status);
1702 if (failtest_exit_check) {
1703 if (!failtest_exit_check(&history))
1704 child_fail(NULL, 0, "failtest_exit_check failed\n");
1707 failtest_cleanup(false, status);
projects / ccan / blob