From: Alexander Bulekov
Subject: Re: [PATCH 03/10] fuzz/generic-fuzz: use reboots instead of forks to reset state
Date: Thu, 16 Feb 2023 23:01:27 -0500
On 230213 1426, Darren Kenny wrote:
> Hi Alex,
>
> On Saturday, 2023-02-04 at 23:29:44 -05, Alexander Bulekov wrote:
> > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > ---
> > tests/qtest/fuzz/generic_fuzz.c | 106 +++++++-------------------------
> > 1 file changed, 23 insertions(+), 83 deletions(-)
> >
> > diff --git a/tests/qtest/fuzz/generic_fuzz.c
> > b/tests/qtest/fuzz/generic_fuzz.c
> > index 7326f6840b..c2e5642150 100644
> > --- a/tests/qtest/fuzz/generic_fuzz.c
> > +++ b/tests/qtest/fuzz/generic_fuzz.c
> > @@ -18,7 +18,6 @@
> > #include "tests/qtest/libqtest.h"
> > #include "tests/qtest/libqos/pci-pc.h"
> > #include "fuzz.h"
> > -#include "fork_fuzz.h"
> > #include "string.h"
> > #include "exec/memory.h"
> > #include "exec/ramblock.h"
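Review bot: dropping `#include "fork_fuzz.h"` only builds if nothing left in generic_fuzz.c still uses a declaration from that header; this hunk shows only the include going away, so it is worth confirming that every user of the fork-based reset path is removed in this same patch rather than a later one, so the series bisects cleanly.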
> > @@ -29,6 +28,8 @@
> > #include "generic_fuzz_configs.h"
> > #include "hw/mem/sparse-mem.h"
> >
> > +static void pci_enum(gpointer pcidev, gpointer bus);
> > +
> > /*
> > * SEPARATOR is used to separate "operations" in the fuzz input
> > */
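Review bot: the new forward declaration `static void pci_enum(gpointer pcidev, gpointer bus);` has no comment saying why it is needed here; if a later hunk calls it from the reset path before its definition, either move the definition up or add a one-line comment, otherwise the declaration reads like an unused leftover sitting between the includes and the SEPARATOR comment.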
> > @@ -589,30 +590,6 @@ static void op_disable_pci(QTestState *s, const
> > unsigned char *data, size_t len)
> > pci_disabled = true;
> > }
> >
> > -static void handle_timeout(int sig)
> > -{
> > - if (qtest_log_enabled) {
> > - fprintf(stderr, "[Timeout]\n");
> > - fflush(stderr);
> > - }
> > -
> > - /*
> > - * If there is a crash, libfuzzer/ASAN forks a child to run an
> > - * "llvm-symbolizer" process for printing out a pretty stacktrace. It
> > - * communicates with this child using a pipe. If we timeout+Exit,
> > while
> > - * libfuzzer is still communicating with the llvm-symbolizer child, we
> > will
> > - * be left with an orphan llvm-symbolizer process. Sometimes, this
> > appears
> > - * to lead to a deadlock in the forkserver. Use waitpid to check if
> > there
> > - * are any waitable children. If so, exit out of the signal-handler,
> > and
> > - * let libfuzzer finish communicating with the child, and exit, on its
> > own.
> > - */
> > - if (waitpid(-1, NULL, WNOHANG) == 0) {
> > - return;
> > - }
> > -
> > - _Exit(0);
> > -}
> > -
> > /*
> >
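Review bot: removing `handle_timeout()` also removes the `waitpid(-1, NULL, WNOHANG)` guard that the deleted comment says prevented an orphaned llvm-symbolizer child and a forkserver deadlock; nothing in this hunk installs a replacement, so the commit message (currently empty above the Signed-off-by) should state that timeouts are now left to libFuzzer's own `-timeout` handling and that the orphan/deadlock case no longer arises once the forkserver is gone. The `[Timeout]` line printed under `qtest_log_enabled` disappears with it, which is worth calling out if any tooling looked for it in the log.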
>
> I'm presuming that the timeout is being left to the fuzz orchestrator
> now, rather than us managing it directly in our own way?
Yes. The fuzzer should handle timeouts directly now.
-Alex