See https://lkml.org/lkml/2020/4/13/870 for motivation.

copy_to/from_user is another very common set of infrastructure functions that can fail. It would be useful to support them in the fault injection facility for testing purposes. As opposed to most other failure sites, these are easily triggerable by the user, so any bugs uncovered are higher-severity.

copy_to/from_user return not just an error, but also the number of bytes that were not copied. While returning different number of values may result in new code paths/bugs, this does not seem to be widely used. I found one case where the returned number is really used -- kfifo_copy_from_user. But generally all callers just check for success/failure. So I don't think it's worth supporting in systematic mode. These subtler cases should be tested with unit-tests.

Need to be careful to handle all variations of copy_to/from_user: put/get, with underscores, etc.
Adding this capability to FAULT_INJECTION will make syzkaller auto-magically systematically test all failure sites.
Also see related: FAULT_INJECTION: fail LSM hooks https://bugzilla.kernel.org/show_bug.cgi?id=208607
This is implemented by Albert van der Linde: 2c739ced5886 lib, include/linux: add usercopy failure capability
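An added example, not part of this report or of the kernel patch: a userspace C model of the "fail the Nth usercopy" sweep discussed above, run against a caller that only checks success or failure. All names (`model_copy_from_user`, `fail_nth`, `handle_request`, `sweep_failure_sites`) and the sample input are assumptions made for the illustration.

```c
#include <errno.h>
#include <string.h>

/* Userspace model only; none of these names are kernel APIs. */
static int fail_nth, call_count;   /* fail the Nth modelled copy; 0 = never */

/* Same contract as copy_from_user(): returns the number of bytes NOT copied. */
static size_t model_copy_from_user(void *dst, const void *src, size_t n)
{
    if (fail_nth && ++call_count == fail_nth)
        return n;                  /* injected failure: nothing copied */
    memcpy(dst, src, n);
    return 0;
}

struct req { unsigned int len; char data[16]; };

/* Checks every copy and never acts on a partially copied request. */
static int handle_request(const void *uhdr, const void *udata, struct req *out)
{
    if (model_copy_from_user(&out->len, uhdr, sizeof(out->len)))
        return -EFAULT;
    if (out->len > sizeof(out->data))
        return -EINVAL;
    if (model_copy_from_user(out->data, udata, out->len))
        return -EFAULT;
    return 0;
}

/* Fail copy 1, then 2, ... until a run completes with no injection.
 * Returns the number of failure sites, or -1 if one was mishandled. */
static int sweep_failure_sites(void)
{
    const unsigned int hdr = 5;    /* constructed sample input */
    const char payload[] = "hello";
    for (int nth = 1, sites = 0; ; nth++) {
        struct req r;
        fail_nth = nth;
        call_count = 0;
        int ret = handle_request(&hdr, payload, &r);
        fail_nth = 0;
        if (call_count < nth)      /* injection point was never reached */
            return ret == 0 ? sites : -1;
        if (ret != -EFAULT)
            return -1;
        sites++;
    }
}

int main(void) { return sweep_failure_sites() == 2 ? 0 : 1; }
```

The sweep finds both copy sites in `handle_request` and confirms each injected failure surfaces as `-EFAULT`; a caller that ignored either return value would make it return -1.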