llvm_nvme_fuzz: raise SIGSEGV if user Ctrl-C

If an input causes a hang, the fuzzing thread won't terminate itself, since it is waiting for all outstanding commands to complete. So raise a SIGSEGV in the SPDK shutdown handler instead, which will cause the fuzzer thread to exit as well as generating an input file of the hung input. Signed-off-by: Jim Harris <james.r.harris@intel.com> Change-Id: I5753977740e27ca7827222b9e3cee1e939ef31a1 Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/12407 Tested-by: SPDK CI Jenkins <sys_sgci@intel.com> Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com> Reviewed-by: Ben Walker <benjamin.walker@intel.com> Reviewed-by: Changpeng Liu <changpeng.liu@intel.com> Reviewed-by: <yifan.bian@intel.com> Reviewed-by: Dong Yi <dongx.yi@intel.com>
2022-04-26 21:56:48 +00:00 · 2022-04-26 21:56:48 +00:00 · 17dd532ff7
commit 17dd532ff7
parent 0674ead739
1 changed files with 12 additions and 10 deletions
--- a/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c
+++ b/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c
@ -46,7 +46,6 @@ static int32_t g_time_in_sec = 10;
 static char *g_corpus_dir;
 static pthread_t g_fuzz_td;
 static pthread_t g_reactor_td;
-static bool g_shutdown;
 static bool g_in_fuzzer;

 #define MAX_COMMANDS 5
@ -543,7 +542,7 @@ run_cmds(uint32_t queue_depth)
 		}
 	}

-	while (outstanding > 0 && !g_shutdown) {
+	while (outstanding > 0) {
 		spdk_nvme_qpair_process_completions(g_io_qpair, 0);
 		spdk_nvme_ctrlr_process_admin_completions(g_ctrlr);
 	}
@ -577,10 +576,6 @@ static int TestOneInput(const uint8_t *data, size_t size)
 		spdk_nvme_detach_poll(detach_ctx);
 	}

-	if (g_shutdown) {
-		pthread_exit(NULL);
-	}
-
 	return 0;
 }

@ -710,10 +705,17 @@ nvme_fuzz_parse(int ch, char *arg)
 static void
 fuzz_shutdown(void)
 {
-	g_shutdown = true;
-	/* Wait for the fuzz thread to exit before calling spdk_app_stop(). */
-	pthread_join(g_fuzz_td, NULL);
-	spdk_app_stop(-1);
+	/* If the user terminates the fuzzer prematurely, it is likely due
+	 * to an input hang.  So raise a SIGSEGV signal which will cause the
+	 * fuzzer to generate a crash file for the last input.
+	 *
+	 * Note that the fuzzer will always generate a crash file, even if
+	 * we get our TestOneInput() function (which is called by the fuzzer)
+	 * to pthread_exit().  So just doing the SIGSEGV here in all cases is
+	 * simpler than trying to differentiate between hung inputs and
+	 * an impatient user.
+	 */
+	pthread_kill(g_fuzz_td, SIGSEGV);
 }

 int