xref: /openbmc/qemu/docs/devel/blkdebug.txt (revision 1be82d89)
1Block I/O error injection using blkdebug
2----------------------------------------
3Copyright (C) 2014-2015 Red Hat Inc
4
5This work is licensed under the terms of the GNU GPL, version 2 or later.  See
6the COPYING file in the top-level directory.
7
8The blkdebug block driver is a rule-based error injection engine.  It can be
9used to exercise error code paths in block drivers including ENOSPC (out of
10space) and EIO.
11
12This document gives an overview of the features available in blkdebug.
13
14Background
15----------
16Block drivers have many error code paths that handle I/O errors.  Image formats
17are especially complex since metadata I/O errors during cluster allocation or
18while updating tables happen halfway through request processing and require
19discipline to keep image files consistent.
20
21Error injection allows test cases to trigger I/O errors at specific points.
22This way, all error paths can be tested to make sure they are correct.
23
24Rules
25-----
26The blkdebug block driver takes a list of "rules" that tell the error injection
27engine when to fail an I/O request.
28
29Each I/O request is evaluated against the rules.  If a rule matches the request
30then its "action" is executed.
31
32Rules can be placed in a configuration file; the configuration file
33follows the same .ini-like format used by QEMU's -readconfig option, and
34each section of the file represents a rule.
35
36The following configuration file defines a single rule:
37
38  $ cat blkdebug.conf
39  [inject-error]
40  event = "read_aio"
41  errno = "28"
42
43This rule fails all aio read requests with ENOSPC (28).  Note that the errno
44value depends on the host.  On Linux, see
45/usr/include/asm-generic/errno-base.h for errno values.
46
47Invoke QEMU as follows:
48
49  $ qemu-system-x86_64
50        -drive if=none,cache=none,file=blkdebug:blkdebug.conf:test.img,id=drive0 \
51        -device virtio-blk-pci,drive=drive0,id=virtio-blk-pci0
52
53Rules support the following attributes:
54
55  event - which type of operation to match (e.g. read_aio, write_aio,
56          flush_to_os, flush_to_disk).  See the "Events" section for
57          information on events.
58
59  state - (optional) the engine must be in this state number in order for this
60          rule to match.  See the "State transitions" section for information
61          on states.
62
63  errno - the numeric errno value to return when a request matches this rule.
64          The errno values depend on the host since the numeric values are not
65          standarized in the POSIX specification.
66
67  sector - (optional) a sector number that the request must overlap in order to
68           match this rule
69
70  once - (optional, default "off") only execute this action on the first
71         matching request
72
73  immediately - (optional, default "off") return a NULL BlockAIOCB
74                pointer and fail without an errno instead.  This
75                exercises the code path where BlockAIOCB fails and the
76                caller's BlockCompletionFunc is not invoked.
77
78Events
79------
80Block drivers provide information about the type of I/O request they are about
81to make so rules can match specific types of requests.  For example, the qcow2
82block driver tells blkdebug when it accesses the L1 table so rules can match
83only L1 table accesses and not other metadata or guest data requests.
84
85The core events are:
86
87  read_aio - guest data read
88
89  write_aio - guest data write
90
91  flush_to_os - write out unwritten block driver state (e.g. cached metadata)
92
93  flush_to_disk - flush the host block device's disk cache
94
95See qapi/block-core.json:BlkdebugEvent for the full list of events.
96You may need to grep block driver source code to understand the
97meaning of specific events.
98
99State transitions
100-----------------
101There are cases where more power is needed to match a particular I/O request in
102a longer sequence of requests.  For example:
103
104  write_aio
105  flush_to_disk
106  write_aio
107
108How do we match the 2nd write_aio but not the first?  This is where state
109transitions come in.
110
111The error injection engine has an integer called the "state" that always starts
112initialized to 1.  The state integer is internal to blkdebug and cannot be
113observed from outside but rules can interact with it for powerful matching
114behavior.
115
116Rules can be conditional on the current state and they can transition to a new
117state.
118
119When a rule's "state" attribute is non-zero then the current state must equal
120the attribute in order for the rule to match.
121
122For example, to match the 2nd write_aio:
123
124  [set-state]
125  event = "write_aio"
126  state = "1"
127  new_state = "2"
128
129  [inject-error]
130  event = "write_aio"
131  state = "2"
132  errno = "5"
133
134The first write_aio request matches the set-state rule and transitions from
135state 1 to state 2.  Once state 2 has been entered, the set-state rule no
136longer matches since it requires state 1.  But the inject-error rule now
137matches the next write_aio request and injects EIO (5).
138
139State transition rules support the following attributes:
140
141  event - which type of operation to match (e.g. read_aio, write_aio,
142          flush_to_os, flush_to_disk).  See the "Events" section for
143          information on events.
144
145  state - (optional) the engine must be in this state number in order for this
146          rule to match
147
148  new_state - transition to this state number
149
150Suspend and resume
151------------------
152Exercising code paths in block drivers may require specific ordering amongst
153concurrent requests.  The "breakpoint" feature allows requests to be halted on
154a blkdebug event and resumed later.  This makes it possible to achieve
155deterministic ordering when multiple requests are in flight.
156
157Breakpoints on blkdebug events are associated with a user-defined "tag" string.
158This tag serves as an identifier by which the request can be resumed at a later
159point.
160
161See the qemu-io(1) break, resume, remove_break, and wait_break commands for
162details.
163