From 2df6ee9845b897f1c458edca6e39cfba7614b460 Mon Sep 17 00:00:00 2001
From: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
Date: Thu, 8 Dec 2022 18:37:07 +0100
Subject: [PATCH] fuzz/llvm: provide a prefix to use when saving artifacts

Save crash files and other artifacts in `$output_dir/llvm/`

Signed-off-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
Change-Id: I2ff82b414592cc492b79c9178b7257b2e87440b5
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/15827
Reviewed-by: Michal Berger <michal.berger@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
---
 test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c | 18 +++++++++++++++++-
 test/app/fuzz/llvm_vfio_fuzz/llvm_vfio_fuzz.c | 17 ++++++++++++++++-
 test/fuzz/llvm/nvmf/run.sh                    |  1 +
 test/fuzz/llvm/vfio/run.sh                    |  1 +
 4 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c b/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c
index 10c6db5e5..2c787aa4f 100644
--- a/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c
+++ b/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c
@@ -15,6 +15,7 @@
 
 static const uint8_t *g_data;
 static bool g_trid_specified = false;
+static char *g_artifact_prefix;
 static int32_t g_time_in_sec = 10;
 static char *g_corpus_dir;
 static uint8_t *g_repro_data;
@@ -828,9 +829,11 @@ start_fuzzer(void *ctx)
 		"-detect_leaks=1",
 		NULL,
 		NULL,
+		NULL,
 		NULL
 	};
 	char time_str[128];
+	char prefix[PATH_MAX];
 	char len_str[128];
 	char **argv = _argv;
 	int argc = SPDK_COUNTOF(_argv);
@@ -838,6 +841,8 @@ start_fuzzer(void *ctx)
 	int rc;
 
 	spdk_unaffinitize_thread();
+	snprintf(prefix, sizeof(prefix), "-artifact_prefix=%s", g_artifact_prefix);
+	argv[argc - 4] = prefix;
 	len = MAX_COMMANDS * g_fuzzer->bytes_per_cmd;
 	snprintf(len_str, sizeof(len_str), "-max_len=%d", len);
 	argv[argc - 3] = len_str;
@@ -847,6 +852,9 @@ start_fuzzer(void *ctx)
 
 	g_in_fuzzer = true;
 	atexit(exit_handler);
+
+	free(g_artifact_prefix);
+
 	if (g_repro_data) {
 		printf("Running single test based on reproduction data file.\n");
 		rc = TestOneInput(g_repro_data, g_repro_size);
@@ -888,6 +896,7 @@ nvme_fuzz_usage(void)
 	fprintf(stderr, " -D                        Path of corpus directory.\n");
 	fprintf(stderr, " -F                        Transport ID for subsystem that should be fuzzed.\n");
 	fprintf(stderr, " -N                        Name of reproduction data file.\n");
+	fprintf(stderr, " -P                        Provide a prefix to use when saving artifacts.\n");
 	fprintf(stderr, " -t                        Time to run fuzz tests (in seconds). Default: 10\n");
 	fprintf(stderr, " -Z                        Fuzzer to run (0 to %lu)\n", NUM_FUZZERS - 1);
 }
@@ -927,6 +936,13 @@ nvme_fuzz_parse(int ch, char *arg)
 			return -1;
 		}
 		break;
+	case 'P':
+		g_artifact_prefix = strdup(optarg);
+		if (!g_artifact_prefix) {
+			fprintf(stderr, "cannot strdup: %s\n", optarg);
+			return -ENOMEM;
+		}
+		break;
 	case 't':
 	case 'Z':
 		tmp = spdk_strtoll(optarg, 10);
@@ -980,7 +996,7 @@ main(int argc, char **argv)
 	opts.name = "nvme_fuzz";
 	opts.shutdown_cb = fuzz_shutdown;
 
-	if ((rc = spdk_app_parse_args(argc, argv, &opts, "D:F:N:t:Z:", NULL, nvme_fuzz_parse,
+	if ((rc = spdk_app_parse_args(argc, argv, &opts, "D:F:N:P:t:Z:", NULL, nvme_fuzz_parse,
 				      nvme_fuzz_usage) != SPDK_APP_PARSE_ARGS_SUCCESS)) {
 		return rc;
 	}
diff --git a/test/app/fuzz/llvm_vfio_fuzz/llvm_vfio_fuzz.c b/test/app/fuzz/llvm_vfio_fuzz/llvm_vfio_fuzz.c
index 16486180f..165a759e9 100644
--- a/test/app/fuzz/llvm_vfio_fuzz/llvm_vfio_fuzz.c
+++ b/test/app/fuzz/llvm_vfio_fuzz/llvm_vfio_fuzz.c
@@ -29,6 +29,7 @@ struct fuzz_type {
 static uint8_t					payload[VFIO_USER_MAX_PAYLOAD_SIZE];
 
 static char					*g_ctrlr_path;
+static char					*g_artifact_prefix;
 static int32_t					g_time_in_sec = 10;
 static char					*g_corpus_dir;
 static uint8_t					*g_repro_data;
@@ -161,15 +162,19 @@ start_fuzzer(void *ctx)
 		"-detect_leaks=1",
 		NULL,
 		NULL,
+		NULL,
 		NULL
 	};
 	char time_str[128];
+	char prefix[PATH_MAX];
 	char len_str[128];
 	char **argv = _argv;
 	int argc = SPDK_COUNTOF(_argv);
 	uint32_t len = 0;
 
 	spdk_unaffinitize_thread();
+	snprintf(prefix, sizeof(prefix), "-artifact_prefix=%s", g_artifact_prefix);
+	argv[argc - 4] = prefix;
 	len = 10 * g_fuzzer->bytes_per_cmd;
 	snprintf(len_str, sizeof(len_str), "-max_len=%d", len);
 	argv[argc - 3] = len_str;
@@ -179,6 +184,8 @@ start_fuzzer(void *ctx)
 
 	atexit(exit_handler);
 
+	free(g_artifact_prefix);
+
 	if (g_repro_data) {
 		printf("Running single test based on reproduction data file.\n");
 		TestOneInput(g_repro_data, g_repro_size);
@@ -435,6 +442,7 @@ vfio_fuzz_usage(void)
 	fprintf(stderr, " -D                        Path of corpus directory.\n");
 	fprintf(stderr, " -F                        Path for ctrlr that should be fuzzed.\n");
 	fprintf(stderr, " -N                        Name of reproduction data file.\n");
+	fprintf(stderr, " -P                        Provide a prefix to use when saving artifacts.\n");
 	fprintf(stderr, " -t                        Time to run fuzz tests (in seconds). Default: 10\n");
 	fprintf(stderr, " -Y                        Path of addition controller to perform io.\n");
 	fprintf(stderr, " -Z                        Fuzzer to run (0 to %lu)\n", NUM_FUZZERS - 1);
@@ -473,6 +481,13 @@ vfio_fuzz_parse(int ch, char *arg)
 			return -1;
 		}
 		break;
+	case 'P':
+		g_artifact_prefix = strdup(optarg);
+		if (!g_artifact_prefix) {
+			fprintf(stderr, "cannot strdup: %s\n", optarg);
+			return -ENOMEM;
+		}
+		break;
 	case 'Y':
 		g_io_thread.io_ctrlr_path = strdup(optarg);
 		if (!g_io_thread.io_ctrlr_path) {
@@ -533,7 +548,7 @@ main(int argc, char **argv)
 	opts.name = "vfio_fuzz";
 	opts.shutdown_cb = fuzz_shutdown;
 
-	if ((rc = spdk_app_parse_args(argc, argv, &opts, "D:F:N:t:Y:Z:", NULL, vfio_fuzz_parse,
+	if ((rc = spdk_app_parse_args(argc, argv, &opts, "D:F:N:P:t:Y:Z:", NULL, vfio_fuzz_parse,
 				      vfio_fuzz_usage) != SPDK_APP_PARSE_ARGS_SUCCESS)) {
 		return rc;
 	}
diff --git a/test/fuzz/llvm/nvmf/run.sh b/test/fuzz/llvm/nvmf/run.sh
index 5a534547f..676aaba1a 100755
--- a/test/fuzz/llvm/nvmf/run.sh
+++ b/test/fuzz/llvm/nvmf/run.sh
@@ -35,6 +35,7 @@ function start_llvm_fuzz() {
 	$rootdir/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz \
 		-m $core \
 		-s $mem_size \
+		-P $output_dir/llvm/ \
 		-F "$trid" \
 		-c $nvmf_cfg \
 		-t $timen \
diff --git a/test/fuzz/llvm/vfio/run.sh b/test/fuzz/llvm/vfio/run.sh
index 27e87c4c8..e8ba702ec 100755
--- a/test/fuzz/llvm/vfio/run.sh
+++ b/test/fuzz/llvm/vfio/run.sh
@@ -37,6 +37,7 @@ function start_llvm_fuzz() {
 	$rootdir/test/app/fuzz/llvm_vfio_fuzz/llvm_vfio_fuzz \
 		-m $core \
 		-s $mem_size \
+		-P $output_dir/llvm/ \
 		-F $vfiouser_dir \
 		-c $vfiouser_cfg \
 		-t $timen \