QEMU-Devel Archive on lore.kernel.org
 help / color / Atom feed
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov <alxndr@bu.edu>,
	Darren Kenny <darren.kenny@oracle.com>
Subject: [PULL 20/22] fuzz: Disable QEMU's SIG{INT,HUP,TERM} handlers
Date: Fri, 16 Oct 2020 07:48:12 -0400
Message-ID: <20201016114814.1564523-21-pbonzini@redhat.com> (raw)
In-Reply-To: <20201016114814.1564523-1-pbonzini@redhat.com>

From: Alexander Bulekov <alxndr@bu.edu>

Prior to this patch, the only way I found to terminate the fuzzer was
either to:
 1. Explicitly specify the number of fuzzer runs with the -runs= flag
 2. SIGKILL the process with "pkill -9 qemu-fuzz-*" or similar

In addition to being annoying to deal with, SIGKILLing the process skips
over any exit handlers(e.g. registered with atexit()). This is bad,
since some fuzzers might create temporary files that should ideally be
removed on exit using an exit handler. The only way to achieve a clean
exit now is to specify -runs=N , but the desired "N" is tricky to
identify prior to fuzzing.

Why doesn't the process exit with standard SIGINT,SIGHUP,SIGTERM
signals? QEMU installs its own handlers for these signals in
os-posix.c:os_setup_signal_handling, which notify the main loop that an
exit was requested. The fuzzer, however, does not run qemu_main_loop,
which performs the main_loop_should_exit() check.  This means that the
fuzzer effectively ignores these signals. As we don't really care about
cleanly stopping the disposable fuzzer "VM", this patch uninstalls
QEMU's signal handlers. Thus, we can stop the fuzzer with
SIG{INT,HUP,TERM} and the fuzzing code can optionally use atexit() to
clean up temporary files/resources.

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201014142157.46028-1-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 tests/qtest/fuzz/fuzz.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index d926c490c5..eb0070437f 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -217,5 +217,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
     /* re-enable the rcu atfork, which was previously disabled in qemu_init */
+    /*
+     * Disable QEMU's signal handlers, since we manually control the main_loop,
+     * and don't check for main_loop_should_exit
+     */
+    signal(SIGINT, SIG_DFL);
+    signal(SIGHUP, SIG_DFL);
+    signal(SIGTERM, SIG_DFL);
     return 0;

  parent reply index

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-16 11:47 [PULL 00/22] Build system + misc changes for 2020-10-16 Paolo Bonzini
2020-10-16 11:47 ` [PULL 01/22] submodules: bump meson to 0.55.3 Paolo Bonzini
2020-10-16 11:47 ` [PULL 02/22] Makefile: Ensure cscope.out/tags/TAGS are generated in the source tree Paolo Bonzini
2020-10-16 11:47 ` [PULL 03/22] tests/Makefile.include: unbreak non-tcg builds Paolo Bonzini
2020-10-16 11:47 ` [PULL 04/22] make: run shell with pipefail Paolo Bonzini
2020-10-16 11:47 ` [PULL 05/22] tests: add missing generated sources to testqapi Paolo Bonzini
2020-10-16 11:47 ` [PULL 06/22] configure: move QEMU_INCLUDES to meson Paolo Bonzini
2020-10-16 11:47 ` [PULL 07/22] dockerfiles: enable Centos 8 PowerTools Paolo Bonzini
2020-10-16 11:48 ` [PULL 08/22] add ninja to dockerfiles, CI configurations and test VMs Paolo Bonzini
2020-10-16 11:48 ` [PULL 09/22] build: cleanups to Makefile Paolo Bonzini
2020-10-16 11:48 ` [PULL 10/22] build: replace ninjatool with ninja Paolo Bonzini
2020-10-16 11:48 ` [PULL 11/22] build: add --enable/--disable-libudev Paolo Bonzini
2020-10-16 11:48 ` [PULL 12/22] meson.build: don't condition iconv detection on library detection Paolo Bonzini
2020-10-16 11:48 ` [PULL 13/22] meson: cleanup curses/iconv test Paolo Bonzini
2020-10-16 11:48 ` [PULL 14/22] configure: fix handling of --docdir parameter Paolo Bonzini
2020-10-16 11:48 ` [PULL 15/22] meson: Only install icons and qemu.desktop if have_system Paolo Bonzini
2020-10-16 11:48 ` [PULL 16/22] docs: Fix Sphinx configuration for msys2/mingw Paolo Bonzini
2020-10-16 11:48 ` [PULL 17/22] meson: move SPHINX_ARGS references within "if build_docs" Paolo Bonzini
2020-10-16 11:48 ` [PULL 18/22] meson: Move the detection logic for sphinx to meson Paolo Bonzini
2020-10-16 13:27   ` 罗勇刚(Yonggang Luo)
2020-10-19 19:40     ` Eric Blake
2020-10-16 11:48 ` [PULL 19/22] cirrus: Enable doc build on msys2/mingw Paolo Bonzini
2020-10-16 11:48 ` Paolo Bonzini [this message]
2020-10-16 11:48 ` [PULL 21/22] hax: unbreak accelerator cpu code after cpus.c split Paolo Bonzini
2020-10-16 11:48 ` [PULL 22/22] ci: include configure and meson logs in all jobs if configure fails Paolo Bonzini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201016114814.1564523-21-pbonzini@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=alxndr@bu.edu \
    --cc=darren.kenny@oracle.com \
    --cc=qemu-devel@nongnu.org \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

QEMU-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/qemu-devel/0 qemu-devel/git/0.git
	git clone --mirror https://lore.kernel.org/qemu-devel/1 qemu-devel/git/1.git
	git clone --mirror https://lore.kernel.org/qemu-devel/2 qemu-devel/git/2.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 qemu-devel qemu-devel/ https://lore.kernel.org/qemu-devel \
	public-inbox-index qemu-devel

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git