|  | Block I/O error injection using ``blkdebug`` | 
|  | ============================================ | 
|  |  | 
|  | .. | 
|  | Copyright (C) 2014-2015 Red Hat Inc | 
|  |  | 
|  | This work is licensed under the terms of the GNU GPL, version 2 or later.  See | 
|  | the COPYING file in the top-level directory. | 
|  |  | 
|  | The ``blkdebug`` block driver is a rule-based error injection engine.  It can be | 
|  | used to exercise error code paths in block drivers including ``ENOSPC`` (out of | 
|  | space) and ``EIO``. | 
|  |  | 
|  | This document gives an overview of the features available in ``blkdebug``. | 
|  |  | 
|  | Background | 
|  | ---------- | 
|  | Block drivers have many error code paths that handle I/O errors.  Image formats | 
|  | are especially complex since metadata I/O errors during cluster allocation or | 
|  | while updating tables happen halfway through request processing and require | 
|  | discipline to keep image files consistent. | 
|  |  | 
|  | Error injection allows test cases to trigger I/O errors at specific points. | 
|  | This way, all error paths can be tested to make sure they are correct. | 
|  |  | 
|  | Rules | 
|  | ----- | 
|  | The ``blkdebug`` block driver takes a list of "rules" that tell the error injection | 
|  | engine when to fail an I/O request. | 
|  |  | 
|  | Each I/O request is evaluated against the rules.  If a rule matches the request | 
|  | then its "action" is executed. | 
|  |  | 
|  | Rules can be placed in a configuration file; the configuration file | 
|  | follows the same .ini-like format used by QEMU's ``-readconfig`` option, and | 
|  | each section of the file represents a rule. | 
|  |  | 
|  | The following configuration file defines a single rule:: | 
|  |  | 
|  | $ cat blkdebug.conf | 
|  | [inject-error] | 
|  | event = "read_aio" | 
|  | errno = "28" | 
|  |  | 
|  | This rule fails all aio read requests with ``ENOSPC`` (28).  Note that the errno | 
|  | value depends on the host.  On Linux, see | 
|  | ``/usr/include/asm-generic/errno-base.h`` for errno values. | 
|  |  | 
|  | Invoke QEMU as follows:: | 
|  |  | 
|  | $ qemu-system-x86_64 | 
|  | -drive if=none,cache=none,file=blkdebug:blkdebug.conf:test.img,id=drive0 \ | 
|  | -device virtio-blk-pci,drive=drive0,id=virtio-blk-pci0 | 
|  |  | 
|  | Rules support the following attributes: | 
|  |  | 
|  | ``event`` | 
|  | which type of operation to match (e.g. ``read_aio``, ``write_aio``, | 
|  | ``flush_to_os``, ``flush_to_disk``).  See `Events`_ for | 
|  | information on events. | 
|  |  | 
|  | ``state`` | 
|  | (optional) the engine must be in this state number in order for this | 
|  | rule to match.  See `State transitions`_ for information | 
|  | on states. | 
|  |  | 
|  | ``errno`` | 
|  | the numeric errno value to return when a request matches this rule. | 
|  | The errno values depend on the host since the numeric values are not | 
|  | standardized in the POSIX specification. | 
|  |  | 
|  | ``sector`` | 
|  | (optional) a sector number that the request must overlap in order to | 
|  | match this rule | 
|  |  | 
|  | ``once`` | 
|  | (optional, default ``off``) only execute this action on the first | 
|  | matching request | 
|  |  | 
|  | ``immediately`` | 
|  | (optional, default ``off``) return a NULL ``BlockAIOCB`` | 
|  | pointer and fail without an errno instead.  This | 
|  | exercises the code path where ``BlockAIOCB`` fails and the | 
|  | caller's ``BlockCompletionFunc`` is not invoked. | 
|  |  | 
|  | Events | 
|  | ------ | 
|  | Block drivers provide information about the type of I/O request they are about | 
|  | to make so rules can match specific types of requests.  For example, the ``qcow2`` | 
|  | block driver tells ``blkdebug`` when it accesses the L1 table so rules can match | 
|  | only L1 table accesses and not other metadata or guest data requests. | 
|  |  | 
|  | The core events are: | 
|  |  | 
|  | ``read_aio`` | 
|  | guest data read | 
|  |  | 
|  | ``write_aio`` | 
|  | guest data write | 
|  |  | 
|  | ``flush_to_os`` | 
|  | write out unwritten block driver state (e.g. cached metadata) | 
|  |  | 
|  | ``flush_to_disk`` | 
|  | flush the host block device's disk cache | 
|  |  | 
|  | See ``qapi/block-core.json:BlkdebugEvent`` for the full list of events. | 
|  | You may need to grep block driver source code to understand the | 
|  | meaning of specific events. | 
|  |  | 
|  | State transitions | 
|  | ----------------- | 
|  | There are cases where more power is needed to match a particular I/O request in | 
|  | a longer sequence of requests.  For example:: | 
|  |  | 
|  | write_aio | 
|  | flush_to_disk | 
|  | write_aio | 
|  |  | 
|  | How do we match the 2nd ``write_aio`` but not the first?  This is where state | 
|  | transitions come in. | 
|  |  | 
|  | The error injection engine has an integer called the "state" that always starts | 
|  | initialized to 1.  The state integer is internal to ``blkdebug`` and cannot be | 
|  | observed from outside but rules can interact with it for powerful matching | 
|  | behavior. | 
|  |  | 
|  | Rules can be conditional on the current state and they can transition to a new | 
|  | state. | 
|  |  | 
|  | When a rule's "state" attribute is non-zero then the current state must equal | 
|  | the attribute in order for the rule to match. | 
|  |  | 
|  | For example, to match the 2nd write_aio:: | 
|  |  | 
|  | [set-state] | 
|  | event = "write_aio" | 
|  | state = "1" | 
|  | new_state = "2" | 
|  |  | 
|  | [inject-error] | 
|  | event = "write_aio" | 
|  | state = "2" | 
|  | errno = "5" | 
|  |  | 
|  | The first ``write_aio`` request matches the ``set-state`` rule and transitions from | 
|  | state 1 to state 2.  Once state 2 has been entered, the ``set-state`` rule no | 
|  | longer matches since it requires state 1.  But the ``inject-error`` rule now | 
|  | matches the next ``write_aio`` request and injects ``EIO`` (5). | 
|  |  | 
|  | State transition rules support the following attributes: | 
|  |  | 
|  | ``event`` | 
|  | which type of operation to match (e.g. ``read_aio``, ``write_aio``, | 
|  | ``flush_to_os`, ``flush_to_disk``).  See `Events`_ for | 
|  | information on events. | 
|  |  | 
|  | ``state`` | 
|  | (optional) the engine must be in this state number in order for this | 
|  | rule to match | 
|  |  | 
|  | ``new_state`` | 
|  | transition to this state number | 
|  |  | 
|  | Suspend and resume | 
|  | ------------------ | 
|  | Exercising code paths in block drivers may require specific ordering amongst | 
|  | concurrent requests.  The "breakpoint" feature allows requests to be halted on | 
|  | a ``blkdebug`` event and resumed later.  This makes it possible to achieve | 
|  | deterministic ordering when multiple requests are in flight. | 
|  |  | 
|  | Breakpoints on ``blkdebug`` events are associated with a user-defined ``tag`` string. | 
|  | This tag serves as an identifier by which the request can be resumed at a later | 
|  | point. | 
|  |  | 
|  | See the ``qemu-io(1)`` ``break``, ``resume``, ``remove_break``, and ``wait_break`` | 
|  | commands for details. |