author    Alexander Bulekov <alxndr@bu.edu>    2020-10-14 10:21:57 -0400
committer Paolo Bonzini <pbonzini@redhat.com>  2020-10-17 10:45:53 -0400
commit    fc69fa216cf52709b1279a592364e50c674db6ff (patch)
tree      13cf97db542d978b406a537a63cde737cea8187c
parent    5bfb4f52fe897f5594a0089891e19c78d3ecd672 (diff)
download  qemu-fc69fa216cf52709b1279a592364e50c674db6ff.zip
          qemu-fc69fa216cf52709b1279a592364e50c674db6ff.tar.gz
          qemu-fc69fa216cf52709b1279a592364e50c674db6ff.tar.bz2
fuzz: Disable QEMU's SIG{INT,HUP,TERM} handlers
Prior to this patch, the only way I found to terminate the fuzzer was either to:

1. Explicitly specify the number of fuzzer runs with the -runs= flag
2. SIGKILL the process with "pkill -9 qemu-fuzz-*" or similar

In addition to being annoying to deal with, SIGKILLing the process skips over any exit handlers (e.g. registered with atexit()). This is bad, since some fuzzers might create temporary files that should ideally be removed on exit using an exit handler. The only way to achieve a clean exit now is to specify -runs=N, but the desired "N" is tricky to identify prior to fuzzing.

Why doesn't the process exit with standard SIGINT, SIGHUP, SIGTERM signals? QEMU installs its own handlers for these signals in os-posix.c:os_setup_signal_handling, which notify the main loop that an exit was requested. The fuzzer, however, does not run qemu_main_loop, which performs the main_loop_should_exit() check. This means that the fuzzer effectively ignores these signals.

As we don't really care about cleanly stopping the disposable fuzzer "VM", this patch uninstalls QEMU's signal handlers. Thus, we can stop the fuzzer with SIG{INT,HUP,TERM} and the fuzzing code can optionally use atexit() to clean up temporary files/resources.

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201014142157.46028-1-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
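The mechanism the commit message describes, shown as an added stand-alone C program that is not QEMU code (the policy constants and the functions install_policy, run_child and cleanup are this example's own names, and the child processes are constructed input). It forks a child under each of three dispositions for SIGINT/SIGHUP/SIGTERM and lets the child signal itself. A handler that only records the request, like the one QEMU installs, leaves the process running when nothing ever polls the flag; restoring SIG_DFL, as the patch does, lets the signal terminate it. The third disposition illustrates the caveat a practitioner wants here: termination by the default action does not run atexit() handlers, so atexit()-based cleanup of temporary files only happens if some handler actually calls exit().

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Three ways to dispose of SIGINT/SIGHUP/SIGTERM (names chosen for this demo). */
enum policy {
    POLICY_FLAG_ONLY,       /* handler records the request for a loop that never runs */
    POLICY_DEFAULT,         /* SIG_DFL, what the QEMU patch restores */
    POLICY_EXIT_IN_HANDLER  /* handler calls exit(), so atexit() cleanup runs */
};

static volatile sig_atomic_t shutdown_requested;

static void flag_only_handler(int sig)
{
    (void)sig;
    shutdown_requested = 1;   /* nobody polls this flag: the signal is effectively ignored */
}

static void exit_handler(int sig)
{
    (void)sig;
    /* exit() is not async-signal-safe; tolerable here because the process
     * has nothing else to do, which is the fuzzer's situation as well. */
    exit(3);
}

/* Stand-in for "remove the temporary files": tell the parent, via a pipe,
 * that the atexit() handler really ran. */
static int cleanup_fd = -1;

static void cleanup(void)
{
    if (cleanup_fd >= 0) {
        ssize_t n = write(cleanup_fd, "C", 1);
        (void)n;
    }
}

static void install_policy(enum policy p)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sigemptyset(&sa.sa_mask);
    switch (p) {
    case POLICY_FLAG_ONLY:       sa.sa_handler = flag_only_handler; break;
    case POLICY_EXIT_IN_HANDLER: sa.sa_handler = exit_handler;      break;
    default:                     sa.sa_handler = SIG_DFL;           break;
    }
    sigaction(SIGINT, &sa, NULL);
    sigaction(SIGHUP, &sa, NULL);
    sigaction(SIGTERM, &sa, NULL);
}

struct outcome {
    int exited;       /* child returned through exit() */
    int exit_code;    /* its status, if exited */
    int killed_by;    /* terminating signal number, if killed */
    int cleanup_ran;  /* the atexit() handler wrote to the pipe */
};

/* Fork a child that installs policy p, registers cleanup(), sends itself sig
 * and, if it survives, "keeps fuzzing" and exits 42 on its own. */
static struct outcome run_child(enum policy p, int sig)
{
    struct outcome o = {0, 0, 0, 0};
    int pipefd[2], status = 0;
    pid_t pid;
    char c;

    if (pipe(pipefd) < 0) {
        return o;
    }
    fflush(stdout);                   /* don't let the child flush our buffers */
    pid = fork();
    if (pid < 0) {
        close(pipefd[0]);
        close(pipefd[1]);
        return o;
    }
    if (pid == 0) {
        close(pipefd[0]);
        cleanup_fd = pipefd[1];
        atexit(cleanup);
        install_policy(p);
        raise(sig);
        exit(shutdown_requested ? 42 : 41);   /* only reached if the signal was swallowed */
    }
    close(pipefd[1]);
    waitpid(pid, &status, 0);
    o.cleanup_ran = (read(pipefd[0], &c, 1) == 1);
    close(pipefd[0]);
    if (WIFEXITED(status)) {
        o.exited = 1;
        o.exit_code = WEXITSTATUS(status);
    } else if (WIFSIGNALED(status)) {
        o.killed_by = WTERMSIG(status);
    }
    return o;
}

int main(void)
{
    static const char *names[] = {"flag-only", "SIG_DFL", "exit-in-handler"};
    enum policy p;
    for (p = POLICY_FLAG_ONLY; p <= POLICY_EXIT_IN_HANDLER; p++) {
        struct outcome o = run_child(p, SIGTERM);
        printf("%-16s exited=%d code=%d killed_by=%d cleanup_ran=%d\n",
               names[p], o.exited, o.exit_code, o.killed_by, o.cleanup_ran);
    }
    return 0;
}
```

Run it with no arguments; the flag-only child survives the signal and exits 42 by itself, the SIG_DFL child is killed by SIGTERM with cleanup_ran=0, and only the exit-in-handler child reports cleanup_ran=1. Note that the example resets the dispositions with sigaction() rather than the signal() calls used in the patch; the effect on the default action is the same, and sigaction() has unambiguous semantics across POSIX platforms.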
-rw-r--r--  tests/qtest/fuzz/fuzz.c  8
1 file changed, 8 insertions, 0 deletions
diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index d926c49..eb00704 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -217,5 +217,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
/* re-enable the rcu atfork, which was previously disabled in qemu_init */
rcu_enable_atfork();
+ /*
+ * Disable QEMU's signal handlers, since we manually control the main_loop,
+ * and don't check for main_loop_should_exit
+ */
+ signal(SIGINT, SIG_DFL);
+ signal(SIGHUP, SIG_DFL);
+ signal(SIGTERM, SIG_DFL);
+
return 0;
}
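Review bot: the new comment says "we manually control the main_loop", but the commit message says the fuzzer does not run qemu_main_loop at all; "the fuzzer never runs qemu_main_loop, so main_loop_should_exit() is never checked" would describe the situation accurately. Two smaller points on the same block: the return values of the three signal() calls are discarded, so a SIG_ERR result would go unnoticed, and restoring SIG_DFL means the fuzzer terminates by the signal's default action, which does not run atexit() handlers. The commit message's note that fuzzers can rely on atexit() for cleanup therefore only holds if something later installs a handler that calls exit(); stating that expectation in the comment would save the next reader from assuming SIG_DFL alone gives a clean exit.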