2 .\" Copyright (c) 2009 Isilon Inc http://www.isilon.com/
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice(s), this list of conditions and the following disclaimer as
9 .\" the first lines of this file unmodified other than the possible
10 .\" addition of one or more copyright notices.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice(s), this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
15 .\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY
16 .\" EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 .\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 .\" DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE LIABLE FOR ANY
19 .\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 .\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 .\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22 .\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
33 .Nm KFAIL_POINT_CODE ,
34 .Nm KFAIL_POINT_CODE_FLAGS ,
35 .Nm KFAIL_POINT_CODE_COND ,
36 .Nm KFAIL_POINT_RETURN ,
37 .Nm KFAIL_POINT_RETURN_VOID ,
38 .Nm KFAIL_POINT_ERROR ,
39 .Nm KFAIL_POINT_GOTO ,
40 .Nm KFAIL_POINT_SLEEP_CALLBACKS ,
46 .Fn KFAIL_POINT_CODE "parent" "name" "code"
47 .Fn KFAIL_POINT_CODE_FLAGS "parent" "name" "flags" "code"
48 .Fn KFAIL_POINT_CODE_COND "parent" "name" "cond" "flags" "code"
49 .Fn KFAIL_POINT_RETURN "parent" "name"
50 .Fn KFAIL_POINT_RETURN_VOID "parent" "name"
51 .Fn KFAIL_POINT_ERROR "parent" "name" "error_var"
52 .Fn KFAIL_POINT_GOTO "parent" "name" "error_var" "label"
53 .Fn KFAIL_POINT_SLEEP_CALLBACKS "parent" "name" "pre_func" "pre_arg" "post_func" "post_arg" "code"
55 Fail points are used to add code points where errors may be injected
56 in a user controlled fashion.
57 Fail points provide a convenient wrapper around user-provided error
58 injection code, providing a
60 MIB, and a parser for that MIB that describes how the error
61 injection code should fire.
63 The base fail point macro is
67 is a sysctl tree (frequently
69 for kernel fail points, but various subsystems may wish to provide
70 their own fail point trees), and
72 is the name of the MIB in that tree, and
74 is the error injection code.
77 argument does not require braces, but it is considered good style to
78 use braces for any multi-line code arguments.
81 argument, the evaluation of
85 value set in the sysctl MIB.
88 .Fn KFAIL_POINT_CODE_FLAGS
91 argument which controls the fail point's behaviour.
92 This can be used to e.g., mark the fail point's context as non-sleepable,
95 action to be coerced to a busy wait.
96 The supported flags are:
97 .Bl -ohang -offset indent
98 .It FAIL_POINT_USE_TIMEOUT_PATH
99 Rather than sleeping on a
101 call, just fire the post-sleep function after a timeout fires.
102 .It FAIL_POINT_NONSLEEPABLE
103 Mark the fail point as being in a non-sleepable context, which coerces
111 .Fn KFAIL_POINT_CODE_COND
114 argument, which allows you to set the condition under which the fail point's
116 This is equivalent to:
119 KFAIL_POINT_CODE_FLAGS(...);
128 macros are wrappers around common error injection paths:
130 .It Fn KFAIL_POINT_RETURN parent name
132 .Sy KFAIL_POINT_CODE(..., return RETURN_VALUE)
133 .It Fn KFAIL_POINT_RETURN_VOID parent name
135 .Sy KFAIL_POINT_CODE(..., return)
136 .It Fn KFAIL_POINT_ERROR parent name error_var
138 .Sy KFAIL_POINT_CODE(..., error_var = RETURN_VALUE)
139 .It Fn KFAIL_POINT_GOTO parent name error_var label
141 .Sy KFAIL_POINT_CODE(..., { error_var = RETURN_VALUE; goto label;})
146 macros add sysctl MIBs where specified.
147 Many base kernel MIBs can be found in the
149 tree (referenced in code by
152 The sysctl variable may be set in a number of ways:
154 [<pct>%][<cnt>*]<type>[(args...)][-><more terms>]
157 The <type> argument specifies which action to take; it can be one of:
158 .Bl -tag -width ".Dv return"
160 Take no action (does not trigger fail point code)
162 Trigger fail point code with specified argument
164 Sleep the specified number of milliseconds
168 Break into the debugger, or trap if there is no debugger support
170 Print that the fail point executed
172 Threads sleep at the fail point until the fail point is set to
175 Thread yields the cpu when the fail point is evaluated
177 Similar to sleep, but busy waits the cpu.
178 (Useful in non-sleepable contexts.)
181 The <pct>% and <cnt>* modifiers prior to <type> control when
183 The <pct>% form (e.g. "1.2%") can be used to specify a
184 probability that <type> will execute.
185 This is a decimal in the range (0, 100] which can specify up to
187 The <cnt>* form (e.g. "5*") can be used to specify the number of
188 times <type> should be executed before this <term> is disabled.
189 Only the last probability and the last count are used if multiple
190 are specified, i.e. "1.2%2%" is the same as "2%".
191 When both a probability and a count are specified, the probability
192 is evaluated before the count, i.e. "2%5*" means "2% of the time,
193 but only 5 times total".
195 The operator -> can be used to express cascading terms.
196 If you specify <term1>-><term2>, it means that if <term1> does not
198 <term2> is evaluated.
199 For the purpose of this operator, the return() and print() operators
200 are the only types that cascade.
201 A return() term only cascades if the code executes, and a print()
202 term only cascades when passed a non-zero argument.
203 A pid can optionally be specified.
204 The fail point term is only executed when invoked by a process with a
208 .It Sy sysctl debug.fail_point.foobar="2.1%return(5)"
209 21/1000ths of the time, execute
211 with RETURN_VALUE set to 5.
212 .It Sy sysctl debug.fail_point.foobar="2%return(5)->5%return(22)"
213 2/100ths of the time, execute
215 with RETURN_VALUE set to 5.
216 If that does not happen, 5% of the time execute
218 with RETURN_VALUE set to 22.
219 .It Sy sysctl debug.fail_point.foobar="5*return(5)->0.1%return(22)"
220 For 5 times, return 5.
221 After that, 1/1000th of the time, return 22.
222 .It Sy sysctl debug.fail_point.foobar="0.1%5*return(5)"
223 Return 5 for 1 in 1000 executions, but only 5 times total.
224 .It Sy sysctl debug.fail_point.foobar="1%*sleep(50)"
225 1/100th of the time, sleep 50ms.
226 .It Sy sysctl debug.fail_point.foobar="1*return(5)[pid 1234]"
227 Return 5 once, when pid 1234 executes the fail point.
231 This manual page was written by
233 .An Matthew Bryan Aq Mt matthew.bryan@isilon.com
236 .An Zach Loafman Aq Mt zml@FreeBSD.org .
238 It is easy to shoot yourself in the foot by setting fail points too
239 aggressively or setting too many in combination.
242 to fail consistently is potentially harmful to uptime.
246 sysctl setting may not be appropriate in all situations.
249 does not verify whether the context is appropriate for calling
251 You can force it to evaluate a
255 action by specifying the
256 .Sy FAIL_POINT_NONSLEEPABLE
257 flag at the point the fail point is declared.