From 17dd532ff7054f4ae56c153c608138497f0842ac Mon Sep 17 00:00:00 2001
From: Jim Harris
Date: Tue, 26 Apr 2022 21:56:48 +0000
Subject: [PATCH] llvm_nvme_fuzz: raise SIGSEGV if user Ctrl-C

If an input causes a hang, the fuzzing thread won't terminate itself, since it is waiting for all outstanding commands to complete. So raise a SIGSEGV in the SPDK shutdown handler instead, which will cause the fuzzer thread to exit as well as generating an input file of the hung input.

Signed-off-by: Jim Harris
Change-Id: I5753977740e27ca7827222b9e3cee1e939ef31a1
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/12407
Tested-by: SPDK CI Jenkins
Community-CI: Broadcom CI
Reviewed-by: Ben Walker
Reviewed-by: Changpeng Liu
Reviewed-by:
Reviewed-by: Dong Yi
---
 test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c b/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c
index c2bf2c066..550364ea7 100644
--- a/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c
+++ b/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c
@@ -46,7 +46,6 @@ static int32_t g_time_in_sec = 10;
 static char *g_corpus_dir;
 static pthread_t g_fuzz_td;
 static pthread_t g_reactor_td;
-static bool g_shutdown;
 static bool g_in_fuzzer;
 
 #define MAX_COMMANDS 5
@@ -543,7 +542,7 @@ run_cmds(uint32_t queue_depth)
 }
 }
 
- while (outstanding > 0 && !g_shutdown) {
+ while (outstanding > 0) {
 spdk_nvme_qpair_process_completions(g_io_qpair, 0);
 spdk_nvme_ctrlr_process_admin_completions(g_ctrlr);
 }
@@ -577,10 +576,6 @@ static int TestOneInput(const uint8_t *data, size_t size)
 spdk_nvme_detach_poll(detach_ctx);
 }
 
- if (g_shutdown) {
- pthread_exit(NULL);
- }
-
 return 0;
 }
 
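Review bot: With `!g_shutdown` dropped from the completion loop in run_cmds, `while (outstanding > 0)` has no exit of its own; the only way out of a hung input is now the SIGSEGV that fuzz_shutdown() delivers to this thread, and nothing at the loop says so. A one-line comment above the loop would keep a future maintainer from "fixing" the missing bound: `/* Intentionally unbounded: a hung input is reported by fuzz_shutdown() raising SIGSEGV on this thread. */`. Since the file also tracks `g_in_fuzzer`, it is worth confirming that a non-fuzzer run can still be interrupted, because in that mode the crash path presumably ends in a plain segfault rather than a crash artifact. run_cmds starts outside the hunk.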
@@ -710,10 +705,17 @@ nvme_fuzz_parse(int ch, char *arg)
 static void
 fuzz_shutdown(void)
 {
- g_shutdown = true;
- /* Wait for the fuzz thread to exit before calling spdk_app_stop(). */
- pthread_join(g_fuzz_td, NULL);
- spdk_app_stop(-1);
+ /* If the user terminates the fuzzer prematurely, it is likely due
+ * to an input hang. So raise a SIGSEGV signal which will cause the
+ * fuzzer to generate a crash file for the last input.
+ *
+ * Note that the fuzzer will always generate a crash file, even if
+ * we get our TestOneInput() function (which is called by the fuzzer)
+ * to pthread_exit(). So just doing the SIGSEGV here in all cases is
+ * simpler than trying to differentiate between hung inputs and
+ * an impatient user.
+ */
+ pthread_kill(g_fuzz_td, SIGSEGV);
 }
 
 int
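Review bot: The return value of `pthread_kill(g_fuzz_td, SIGSEGV)` is ignored, and fuzz_shutdown() no longer calls spdk_app_stop() itself, so if the fuzz thread has already finished (pthread_kill returns ESRCH, or is undefined behaviour once the thread has been joined) the shutdown handler does nothing and the reactor keeps running. Checking the result and keeping the old stop path as the fallback covers that case: `if (pthread_kill(g_fuzz_td, SIGSEGV) != 0) {`, `	spdk_app_stop(-1);`, `}`. It would also help triage to log one line before the kill so the resulting crash file can be told apart from a genuine segfault, e.g. `fprintf(stderr, "fuzz_shutdown: raising SIGSEGV on fuzz thread to capture the current input\n");`. Whether the process still exits cleanly on a normal Ctrl-C without the SPDK app stop is inferred from this hunk alone and should be confirmed.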