Re: [PATCH] fault-inject: rust: add a Rust API for fault-injection

[Gary Guo]

On Sun Feb 15, 2026 at 9:30 PM GMT, Andreas Hindborg wrote:
> Add a way for Rust code to create fault-injection control points. The
> control points can be attached to a configfs tree as default groups and
> controlled from user space. On the kernel side, provide a `should_fail`
> method to query if an operation should fail.
>
> Cc: Akinobu Mita <akinobu.mita@xxxxxxxxx>
> Signed-off-by: Andreas Hindborg <a.hindborg@xxxxxxxxxx>
> ---
> This patch is a dependency for the rust null block driver fault
> injection feature.
> ---
>  rust/bindings/bindings_helper.h |  1 +
>  rust/kernel/fault_injection.rs  | 88 +++++++++++++++++++++++++++++++++++++++++
>  rust/kernel/lib.rs              |  2 +
>  3 files changed, 91 insertions(+)
>
> diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
> index a067038b4b422..87cbaf69d330e 100644
> --- a/rust/bindings/bindings_helper.h
> +++ b/rust/bindings/bindings_helper.h
> @@ -54,6 +54,7 @@
>  #include <linux/errname.h>
>  #include <linux/ethtool.h>
>  #include <linux/fdtable.h>
> +#include <linux/fault-inject.h>
>  #include <linux/file.h>
>  #include <linux/firmware.h>
>  #include <linux/interrupt.h>
> diff --git a/rust/kernel/fault_injection.rs b/rust/kernel/fault_injection.rs
> new file mode 100644
> index 0000000000000..e9afa3ca6cf31
> --- /dev/null
> +++ b/rust/kernel/fault_injection.rs
> @@ -0,0 +1,88 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +//! Fault injection capabilities infrastructure.
> +//!
> +//! This module provides a Rust API for the kernel fault injection framework.
> +//! Fault injection allows simulation of failures in kernel code paths to test
> +//! error handling.
> +//!
> +//! [`FaultConfig`] represents a fault injection control point that can be:
> +//!
> +//! - Attached to a configfs tree as a default group, allowing userspace control
> +//!   of fault injection parameters.
> +//! - Queried via [`FaultConfig::should_fail`] to determine if an operation
> +//!   should be simulated as failing.
> +//!
> +//! Please see the [fault injection documentation] for details on configuring
> +//! and using fault injection from userspace.
> +//!
> +//! C header: [`include/linux/fault-inject.h`](srctree/include/linux/fault-inject.h)
> +//!
> +//! [fault injection documentation]: srctree/Documentation/fault-injection/fault-injection.rst
> +
> +use crate::{prelude::*, types::Opaque};
> +
> +/// A fault injection control point.
> +///
> +/// This type wraps a `struct fault_config` from the C fault injection
> +/// framework. It provides a way to create controllable fault injection points
> +/// that can be configured via configfs.
> +///
> +/// When attached to a configfs subsystem as a default group, userspace can
> +/// configure fault injection parameters through the configfs interface. The
> +/// kernel code can then query [`FaultConfig::should_fail`] to determine
> +/// whether to simulate a failure.
> +///
> +/// # Invariants
> +///
> +/// - `self.inner` is always a valid `struct fault_config`.
> +#[pin_data]
> +pub struct FaultConfig {
> +    #[pin]
> +    inner: Opaque<bindings::fault_config>,
> +}
> +
> +impl FaultConfig {
> +    /// Create a new [`FaultConfig`].
> +    ///
> +    /// If attached to a configfs group, this [`FaultConfig`] will appear as a directory named
> +    /// `name`.
> +    pub fn new(name: &CStr) -> impl PinInit<Self> + use<'_> {
> +        pin_init!(Self {
> +            // INVARIANT: `self.inner` is initialized in ffi_init.
> +            inner <- Opaque::zeroed().chain(|inner| {
> +                let ptr = inner.get();
> +                // SAFETY: `ptr` points to a zeroed allocation and the second argument is null
> +                // terminated string.
> +                unsafe { bindings::fault_config_init( ptr, name.as_ptr().cast()) };
> +                Ok(())
> +            }),
> +        })
> +    }
> +}
> +
> +impl kernel::configfs::CDefaultGroup for FaultConfig {
> +    fn group_ptr(&self) -> *mut bindings::config_group {
> +        // SAFETY: By type invariant, `self.inner` is valid.
> +        unsafe { &raw mut (*self.inner.get()).group }
> +    }
> +}
> +
> +impl FaultConfig {
> +    /// Query for failure.
> +    ///
> +    /// Returns true if the operation should fail.

#[inline]

> +    pub fn should_fail(&self, size: isize) -> bool {

What is the meaning of a negative `size` here?

I did a quick grep on the C codebase and cannot find a case where negative
number is used here. It is either number of bytes for allocations, or `1` for
when injecting based on number of operations performed.

I think it's also worth explaining about the meaning of size here a bit more in
the doc comments.

Best,
Gary

> +        // SAFETY: By type invariant, self is always valid.
> +        let attr = unsafe { &raw const (*self.inner.get()).attr };
> +
> +        // SAFETY: By type invariant, self is always valid.
> +        unsafe { bindings::should_fail(attr.cast_mut(), size) }
> +    }
> +}
> +
> +// SAFETY: FaultConfig can be used from any task.
> +unsafe impl Send for FaultConfig {}
> +
> +// SAFETY: FaultConfig applies internal synchronization.
> +unsafe impl Sync for FaultConfig {}
> diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
> index f812cf1200428..1b8f1a216a268 100644
> --- a/rust/kernel/lib.rs
> +++ b/rust/kernel/lib.rs
> @@ -92,6 +92,8 @@
>  #[cfg(CONFIG_DRM = "y")]
>  pub mod drm;
>  pub mod error;
> +#[cfg(all(CONFIG_FAULT_INJECTION, CONFIG_FAULT_INJECTION_CONFIGFS))]
> +pub mod fault_injection;
>  pub mod faux;
>  #[cfg(CONFIG_RUST_FW_LOADER_ABSTRACTIONS)]
>  pub mod firmware;
>
> ---
> base-commit: e9ec05addd1a067fc7cb218f20ecdc1b1b0898c0
> change-id: 20260215-rust-fault-inject-bc62f1083502
> prerequisite-change-id: 20260215-configfs-c-default-groups-bdb0a44633a6:v1
> prerequisite-patch-id: 5c82dc0deb0768531d2cdb24ac5e92857c9e76a7
>
> Best regards,