Commit 17dd532f authored by Jim Harris Committed by Tomasz Zawadzki

llvm_nvme_fuzz: raise SIGSEGV if user Ctrl-C



If an input causes a hang, the fuzzing thread won't
terminate itself, since it is waiting for all
outstanding commands to complete.  So raise a SIGSEGV
in the SPDK shutdown handler instead, which will
cause the fuzzer thread to exit as well as generating
an input file of the hung input.

Signed-off-by: Jim Harris <james.r.harris@intel.com>
Change-Id: I5753977740e27ca7827222b9e3cee1e939ef31a1
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/12407


Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: <yifan.bian@intel.com>
Reviewed-by: Dong Yi <dongx.yi@intel.com>
parent 0674ead7
+12 −10
@@ -46,7 +46,6 @@ static int32_t g_time_in_sec = 10;
static char *g_corpus_dir;
static pthread_t g_fuzz_td;
static pthread_t g_reactor_td;
static bool g_shutdown;
static bool g_in_fuzzer;

#define MAX_COMMANDS 5
@@ -543,7 +542,7 @@ run_cmds(uint32_t queue_depth)
		}
	}

	while (outstanding > 0 && !g_shutdown) {
	while (outstanding > 0) {
		spdk_nvme_qpair_process_completions(g_io_qpair, 0);
		spdk_nvme_ctrlr_process_admin_completions(g_ctrlr);
	}
@@ -577,10 +576,6 @@ static int TestOneInput(const uint8_t *data, size_t size)
		spdk_nvme_detach_poll(detach_ctx);
	}

	if (g_shutdown) {
		pthread_exit(NULL);
	}

	return 0;
}

@@ -710,10 +705,17 @@ nvme_fuzz_parse(int ch, char *arg)
static void
fuzz_shutdown(void)
{
	g_shutdown = true;
	/* Wait for the fuzz thread to exit before calling spdk_app_stop(). */
	pthread_join(g_fuzz_td, NULL);
	spdk_app_stop(-1);
	/* If the user terminates the fuzzer prematurely, it is likely due
	 * to an input hang.  So raise a SIGSEGV signal which will cause the
	 * fuzzer to generate a crash file for the last input.
	 *
	 * Note that the fuzzer will always generate a crash file, even if
	 * we get our TestOneInput() function (which is called by the fuzzer)
	 * to pthread_exit().  So just doing the SIGSEGV here in all cases is
	 * simpler than trying to differentiate between hung inputs and
	 * an impatient user.
	 */
	pthread_kill(g_fuzz_td, SIGSEGV);
}

int
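Review bot: In fuzz_shutdown() the return value of `pthread_kill(g_fuzz_td, SIGSEGV)` is ignored and the previous `spdk_app_stop(-1)` call is gone, so if the signal cannot be delivered the shutdown handler no longer stops anything. Whether the fuzz thread can already have finished when the handler runs is not visible in this section; if it can, g_fuzz_td no longer names a live thread and the call should not be made. A fallback such as `if (pthread_kill(g_fuzz_td, SIGSEGV) != 0) { spdk_app_stop(-1); }` would keep a clean exit path. Because every operator interrupt now yields a crash file that looks like a genuine SIGSEGV, a log line before raising the signal (for example `fprintf(stderr, "shutdown requested: raising SIGSEGV to save last input\n");`) would let triage tell these artifacts apart from real memory-safety faults.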