162 lines
5.7 KiB
Plaintext
162 lines
5.7 KiB
Plaintext
Block I/O error injection using blkdebug
|
|
----------------------------------------
|
|
Copyright (C) 2014 Red Hat Inc
|
|
|
|
This work is licensed under the terms of the GNU GPL, version 2 or later. See
|
|
the COPYING file in the top-level directory.
|
|
|
|
The blkdebug block driver is a rule-based error injection engine. It can be
|
|
used to exercise error code paths in block drivers including ENOSPC (out of
|
|
space) and EIO.
|
|
|
|
This document gives an overview of the features available in blkdebug.
|
|
|
|
Background
|
|
----------
|
|
Block drivers have many error code paths that handle I/O errors. Image formats
|
|
are especially complex since metadata I/O errors during cluster allocation or
|
|
while updating tables happen halfway through request processing and require
|
|
discipline to keep image files consistent.
|
|
|
|
Error injection allows test cases to trigger I/O errors at specific points.
|
|
This way, all error paths can be tested to make sure they are correct.
|
|
|
|
Rules
|
|
-----
|
|
The blkdebug block driver takes a list of "rules" that tell the error injection
|
|
engine when to fail an I/O request.
|
|
|
|
Each I/O request is evaluated against the rules. If a rule matches the request
|
|
then its "action" is executed.
|
|
|
|
Rules can be placed in a configuration file; the configuration file
|
|
follows the same .ini-like format used by QEMU's -readconfig option, and
|
|
each section of the file represents a rule.
|
|
|
|
The following configuration file defines a single rule:
|
|
|
|
$ cat blkdebug.conf
|
|
[inject-error]
|
|
event = "read_aio"
|
|
errno = "28"
|
|
|
|
This rule fails all aio read requests with ENOSPC (28). Note that the errno
|
|
value depends on the host. On Linux, see
|
|
/usr/include/asm-generic/errno-base.h for errno values.
|
|
|
|
Invoke QEMU as follows:
|
|
|
|
$ qemu-system-x86_64
|
|
-drive if=none,cache=none,file=blkdebug:blkdebug.conf:test.img,id=drive0 \
|
|
-device virtio-blk-pci,drive=drive0,id=virtio-blk-pci0
|
|
|
|
Rules support the following attributes:
|
|
|
|
event - which type of operation to match (e.g. read_aio, write_aio,
|
|
flush_to_os, flush_to_disk). See the "Events" section for
|
|
information on events.
|
|
|
|
state - (optional) the engine must be in this state number in order for this
|
|
rule to match. See the "State transitions" section for information
|
|
on states.
|
|
|
|
errno - the numeric errno value to return when a request matches this rule.
|
|
The errno values depend on the host since the numeric values are not
|
|
standarized in the POSIX specification.
|
|
|
|
sector - (optional) a sector number that the request must overlap in order to
|
|
match this rule
|
|
|
|
once - (optional, default "off") only execute this action on the first
|
|
matching request
|
|
|
|
immediately - (optional, default "off") return a NULL BlockAIOCB
|
|
pointer and fail without an errno instead. This
|
|
exercises the code path where BlockAIOCB fails and the
|
|
caller's BlockCompletionFunc is not invoked.
|
|
|
|
Events
|
|
------
|
|
Block drivers provide information about the type of I/O request they are about
|
|
to make so rules can match specific types of requests. For example, the qcow2
|
|
block driver tells blkdebug when it accesses the L1 table so rules can match
|
|
only L1 table accesses and not other metadata or guest data requests.
|
|
|
|
The core events are:
|
|
|
|
read_aio - guest data read
|
|
|
|
write_aio - guest data write
|
|
|
|
flush_to_os - write out unwritten block driver state (e.g. cached metadata)
|
|
|
|
flush_to_disk - flush the host block device's disk cache
|
|
|
|
See block/blkdebug.c:event_names[] for the full list of events. You may need
|
|
to grep block driver source code to understand the meaning of specific events.
|
|
|
|
State transitions
|
|
-----------------
|
|
There are cases where more power is needed to match a particular I/O request in
|
|
a longer sequence of requests. For example:
|
|
|
|
write_aio
|
|
flush_to_disk
|
|
write_aio
|
|
|
|
How do we match the 2nd write_aio but not the first? This is where state
|
|
transitions come in.
|
|
|
|
The error injection engine has an integer called the "state" that always starts
|
|
initialized to 1. The state integer is internal to blkdebug and cannot be
|
|
observed from outside but rules can interact with it for powerful matching
|
|
behavior.
|
|
|
|
Rules can be conditional on the current state and they can transition to a new
|
|
state.
|
|
|
|
When a rule's "state" attribute is non-zero then the current state must equal
|
|
the attribute in order for the rule to match.
|
|
|
|
For example, to match the 2nd write_aio:
|
|
|
|
[set-state]
|
|
event = "write_aio"
|
|
state = "1"
|
|
new_state = "2"
|
|
|
|
[inject-error]
|
|
event = "write_aio"
|
|
state = "2"
|
|
errno = "5"
|
|
|
|
The first write_aio request matches the set-state rule and transitions from
|
|
state 1 to state 2. Once state 2 has been entered, the set-state rule no
|
|
longer matches since it requires state 1. But the inject-error rule now
|
|
matches the next write_aio request and injects EIO (5).
|
|
|
|
State transition rules support the following attributes:
|
|
|
|
event - which type of operation to match (e.g. read_aio, write_aio,
|
|
flush_to_os, flush_to_disk). See the "Events" section for
|
|
information on events.
|
|
|
|
state - (optional) the engine must be in this state number in order for this
|
|
rule to match
|
|
|
|
new_state - transition to this state number
|
|
|
|
Suspend and resume
|
|
------------------
|
|
Exercising code paths in block drivers may require specific ordering amongst
|
|
concurrent requests. The "breakpoint" feature allows requests to be halted on
|
|
a blkdebug event and resumed later. This makes it possible to achieve
|
|
deterministic ordering when multiple requests are in flight.
|
|
|
|
Breakpoints on blkdebug events are associated with a user-defined "tag" string.
|
|
This tag serves as an identifier by which the request can be resumed at a later
|
|
point.
|
|
|
|
See the qemu-io(1) break, resume, remove_break, and wait_break commands for
|
|
details.
|