[PATCH-for-5.1,2/2] fuzz: add missing header for rcu_enable_atfork

Message ID 20200708200104.21978-3-alxndr@bu.edu
State New, archived
Series fuzz: broken build fixes

Commit Message

Alexander Bulekov July 8, 2020, 8:01 p.m. UTC
In 45222b9a90, I fixed a broken check for rcu_enable_atfork introduced
in d6919e4cb6. I added a call to rcu_enable_atfork after the
call to qemu_init in fuzz.c, but forgot to include the corresponding
header, breaking --enable-fuzzing --enable-werror builds.

Fixes: 45222b9a90 ("fuzz: fix broken qtest check at rcu_disable_atfork")
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
 tests/qtest/fuzz/fuzz.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Philippe Mathieu-Daudé July 9, 2020, 5:03 a.m. UTC | #1
On 7/8/20 10:01 PM, Alexander Bulekov wrote:
> In 45222b9a90, I fixed a broken check for rcu_enable_atfork introduced
> in d6919e4cb6. I added a call to rcu_enable_atfork after the
> call to qemu_init in fuzz.c, but forgot to include the corresponding
> header, breaking --enable-fuzzing --enable-werror builds.
> 
> Fixes: 45222b9a90 ("fuzz: fix broken qtest check at rcu_disable_atfork")
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
>  tests/qtest/fuzz/fuzz.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index a36d9038e0..0b66e43409 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -19,6 +19,7 @@
>  #include "sysemu/runstate.h"
>  #include "sysemu/sysemu.h"
>  #include "qemu/main-loop.h"
> +#include "qemu/rcu.h"
>  #include "tests/qtest/libqtest.h"
>  #include "tests/qtest/libqos/qgraph.h"
>  #include "fuzz.h"
> 

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Philippe Mathieu-Daudé July 9, 2020, 5:09 a.m. UTC | #2
On 7/9/20 7:03 AM, Philippe Mathieu-Daudé wrote:
> On 7/8/20 10:01 PM, Alexander Bulekov wrote:
>> In 45222b9a90, I fixed a broken check for rcu_enable_atfork introduced
>> in d6919e4cb6. I added a call to rcu_enable_atfork after the
>> call to qemu_init in fuzz.c, but forgot to include the corresponding
>> header, breaking --enable-fuzzing --enable-werror builds.
>>
>> Fixes: 45222b9a90 ("fuzz: fix broken qtest check at rcu_disable_atfork")
>> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
>> ---
>>  tests/qtest/fuzz/fuzz.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
>> index a36d9038e0..0b66e43409 100644
>> --- a/tests/qtest/fuzz/fuzz.c
>> +++ b/tests/qtest/fuzz/fuzz.c
>> @@ -19,6 +19,7 @@
>>  #include "sysemu/runstate.h"
>>  #include "sysemu/sysemu.h"
>>  #include "qemu/main-loop.h"
>> +#include "qemu/rcu.h"
>>  #include "tests/qtest/libqtest.h"
>>  #include "tests/qtest/libqos/qgraph.h"
>>  #include "fuzz.h"
>>
> 
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> 

Please add the include to softmmu/vl.c too.
Thomas Huth July 9, 2020, 5:15 a.m. UTC | #3
On 09/07/2020 07.09, Philippe Mathieu-Daudé wrote:
> On 7/9/20 7:03 AM, Philippe Mathieu-Daudé wrote:
>> On 7/8/20 10:01 PM, Alexander Bulekov wrote:
>>> In 45222b9a90, I fixed a broken check for rcu_enable_atfork introduced
>>> in d6919e4cb6. I added a call to rcu_enable_atfork after the
>>> call to qemu_init in fuzz.c, but forgot to include the corresponding
>>> header, breaking --enable-fuzzing --enable-werror builds.
>>>
>>> Fixes: 45222b9a90 ("fuzz: fix broken qtest check at rcu_disable_atfork")
>>> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
>>> ---
>>>  tests/qtest/fuzz/fuzz.c | 1 +
>>>  1 file changed, 1 insertion(+)
>>>
>>> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
>>> index a36d9038e0..0b66e43409 100644
>>> --- a/tests/qtest/fuzz/fuzz.c
>>> +++ b/tests/qtest/fuzz/fuzz.c
>>> @@ -19,6 +19,7 @@
>>>  #include "sysemu/runstate.h"
>>>  #include "sysemu/sysemu.h"
>>>  #include "qemu/main-loop.h"
>>> +#include "qemu/rcu.h"
>>>  #include "tests/qtest/libqtest.h"
>>>  #include "tests/qtest/libqos/qgraph.h"
>>>  #include "fuzz.h"
>>>
>>
>> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>>
> 
> Please add the include to softmmu/vl.c too.

Why? Did you run into compile problems here, too?

 Thomas
Thomas Huth July 9, 2020, 5:18 a.m. UTC | #4
On 08/07/2020 22.01, Alexander Bulekov wrote:
> In 45222b9a90, I fixed a broken check for rcu_enable_atfork introduced
> in d6919e4cb6. I added a call to rcu_enable_atfork after the
> call to qemu_init in fuzz.c, but forgot to include the corresponding
> header, breaking --enable-fuzzing --enable-werror builds.
> 
> Fixes: 45222b9a90 ("fuzz: fix broken qtest check at rcu_disable_atfork")
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
>  tests/qtest/fuzz/fuzz.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index a36d9038e0..0b66e43409 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -19,6 +19,7 @@
>  #include "sysemu/runstate.h"
>  #include "sysemu/sysemu.h"
>  #include "qemu/main-loop.h"
> +#include "qemu/rcu.h"
>  #include "tests/qtest/libqtest.h"
>  #include "tests/qtest/libqos/qgraph.h"
>  #include "fuzz.h"

D'oh, mea culpa, I also apparently did not properly compile test that
patch :-( I think we need a CI job that at least compile tests the
fuzzing code - I can look into that once Alex Bennée's current testing
pull request has been merged.

Alexander, is there also a way to run a fuzzer just for some few
minutes? E.g. a fuzzing test that finishes quickly, or an option to
limit the time that a test is running? If so, we could also add that
quick test to the CI pipeline, to make sure that the fuzzer code does
not only compile, but is also able to run (at least a little bit).

For this patch here:
Reviewed-by: Thomas Huth <thuth@redhat.com>
Philippe Mathieu-Daudé July 9, 2020, 1:15 p.m. UTC | #5
On 7/9/20 7:15 AM, Thomas Huth wrote:
> On 09/07/2020 07.09, Philippe Mathieu-Daudé wrote:
>> On 7/9/20 7:03 AM, Philippe Mathieu-Daudé wrote:
>>> On 7/8/20 10:01 PM, Alexander Bulekov wrote:
>>>> In 45222b9a90, I fixed a broken check for rcu_enable_atfork introduced
>>>> in d6919e4cb6. I added a call to rcu_enable_atfork after the
>>>> call to qemu_init in fuzz.c, but forgot to include the corresponding
>>>> header, breaking --enable-fuzzing --enable-werror builds.
>>>>
>>>> Fixes: 45222b9a90 ("fuzz: fix broken qtest check at rcu_disable_atfork")
>>>> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
>>>> ---
>>>>  tests/qtest/fuzz/fuzz.c | 1 +
>>>>  1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
>>>> index a36d9038e0..0b66e43409 100644
>>>> --- a/tests/qtest/fuzz/fuzz.c
>>>> +++ b/tests/qtest/fuzz/fuzz.c
>>>> @@ -19,6 +19,7 @@
>>>>  #include "sysemu/runstate.h"
>>>>  #include "sysemu/sysemu.h"
>>>>  #include "qemu/main-loop.h"
>>>> +#include "qemu/rcu.h"
>>>>  #include "tests/qtest/libqtest.h"
>>>>  #include "tests/qtest/libqos/qgraph.h"
>>>>  #include "fuzz.h"
>>>>
>>>
>>> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>>>
>>
>> Please add the include to softmmu/vl.c too.
> 
> Why? Did you run into compile problems here, too?

No, because it is unexpectedly pulled by "exec/memory.h".

You are right however this is unrelated to 45222b9a90,
it comes from 73c6e4013b ("rcu: completely disable pthread_atfork
callbacks as soon as possible"), so I'll send a separate patch.
Alexander Bulekov July 9, 2020, 1:38 p.m. UTC | #6
On 200709 0718, Thomas Huth wrote:
> On 08/07/2020 22.01, Alexander Bulekov wrote:
> > In 45222b9a90, I fixed a broken check for rcu_enable_atfork introduced
> > in d6919e4cb6. I added a call to rcu_enable_atfork after the
> > call to qemu_init in fuzz.c, but forgot to include the corresponding
> > header, breaking --enable-fuzzing --enable-werror builds.
> > 
> > Fixes: 45222b9a90 ("fuzz: fix broken qtest check at rcu_disable_atfork")
> > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > ---
> >  tests/qtest/fuzz/fuzz.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> > index a36d9038e0..0b66e43409 100644
> > --- a/tests/qtest/fuzz/fuzz.c
> > +++ b/tests/qtest/fuzz/fuzz.c
> > @@ -19,6 +19,7 @@
> >  #include "sysemu/runstate.h"
> >  #include "sysemu/sysemu.h"
> >  #include "qemu/main-loop.h"
> > +#include "qemu/rcu.h"
> >  #include "tests/qtest/libqtest.h"
> >  #include "tests/qtest/libqos/qgraph.h"
> >  #include "fuzz.h"
> 
> D'oh, mea culpa, I also apparently did not properly compile test that
> patch :-( I think we need a CI job that at least compile tests the
> fuzzing code - I can look into that once Alex Bennée's current testing
> pull request has been merged.

My bad - I should have done a clean build with a version of clang
that doesn't require me to -disable-werror

> Alexander, is there also a way to run a fuzzer just for some few
> minutes? E.g. a fuzzing test that finishes quickly, or an option to
> limit the time that a test is running? If so, we could also add that
> quick test to the CI pipeline, to make sure that the fuzzer code does
> not only compile, but is also able to run (at least a little bit).

Yes. I think the sequence could look something like:
CC=clang CXX=clang++ ../configure --enable-fuzzing --enable-sanitizers \
             --enable-werror
make i386-softmmu/fuzz
./i386-softmmu/qemu-fuzz-i386 --fuzz-target=i440fx-qtest-reboot-fuzz -runs=5000

This will run the i440fx fuzzer over 5000 inputs which should finish in
a second or so. I don't expect it to actually find any crashes in the
i440fx in such a short period, so, ideally, all errors would be
fuzzer-related.

Where can I get started with building out a CI job for this?

One aside: running this right now, QEMU exits and AddressSanitizer
complains about some leaks. There is a patch in Paolo's PR that should
fix this, but I was surprised that existing CI tests didn't catch it. Is
leak detection usually disabled in CI?

> For this patch here:
> Reviewed-by: Thomas Huth <thuth@redhat.com>

Thanks!
-Alex
Thomas Huth July 9, 2020, 1:57 p.m. UTC | #7
On 09/07/2020 15.38, Alexander Bulekov wrote:
> On 200709 0718, Thomas Huth wrote:
>> On 08/07/2020 22.01, Alexander Bulekov wrote:
>>> In 45222b9a90, I fixed a broken check for rcu_enable_atfork introduced
>>> in d6919e4cb6. I added a call to rcu_enable_atfork after the
>>> call to qemu_init in fuzz.c, but forgot to include the corresponding
>>> header, breaking --enable-fuzzing --enable-werror builds.
>>>
>>> Fixes: 45222b9a90 ("fuzz: fix broken qtest check at rcu_disable_atfork")
>>> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
>>> ---
>>>  tests/qtest/fuzz/fuzz.c | 1 +
>>>  1 file changed, 1 insertion(+)
>>>
>>> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
>>> index a36d9038e0..0b66e43409 100644
>>> --- a/tests/qtest/fuzz/fuzz.c
>>> +++ b/tests/qtest/fuzz/fuzz.c
>>> @@ -19,6 +19,7 @@
>>>  #include "sysemu/runstate.h"
>>>  #include "sysemu/sysemu.h"
>>>  #include "qemu/main-loop.h"
>>> +#include "qemu/rcu.h"
>>>  #include "tests/qtest/libqtest.h"
>>>  #include "tests/qtest/libqos/qgraph.h"
>>>  #include "fuzz.h"
>>
>> D'oh, mea culpa, I also apparently did not properly compile test that
>> patch :-( I think we need a CI job that at least compile tests the
>> fuzzing code - I can look into that once Alex Bennée's current testing
>> pull request has been merged.
> 
> My bad - I should have done a clean build with a version of clang
> that doesn't require me to -disable-werror
> 
>> Alexander, is there also a way to run a fuzzer just for some few
>> minutes? E.g. a fuzzing test that finishes quickly, or an option to
>> limit the time that a test is running? If so, we could also add that
>> quick test to the CI pipeline, to make sure that the fuzzer code does
>> not only compile, but is also able to run (at least a little bit).
> 
> Yes. I think the sequence could look something like:
> CC=clang CXX=clang++ ../configure --enable-fuzzing --enable-sanitizers \
>              --enable-werror
> make i386-softmmu/fuzz
> ./i386-softmmu/qemu-fuzz-i386 --fuzz-target=i440fx-qtest-reboot-fuzz -runs=5000
> 
> This will run the i440fx fuzzer over 5000 inputs which should finish in
> a second or so. I don't expect it to actually find any crashes in the
> i440fx in such a short period, so, ideally, all errors would be
> fuzzer-related.
> 
> Where can I get started with building out a CI job for this?

I'd suggest using gitlab, since we're currently focusing on that for
our CI. So get an account on gitlab, clone the qemu repository there
(https://gitlab.com/qemu-project/qemu) to your account, and then you
should almost be ready to go: Edit the .gitlab-ci.yml file in the
repository, and once you push your local branch to the gitlab server,
you should see the jobs running in the "CI / CD" section. (Not sure
anymore whether you have to enable the CI manually for your project,
though, but it should not be too hard to find that setting if that's the
case)

> One aside: running this right now, QEMU exits and AddressSanitizer
> complains about some leaks. There is a patch in Paolo's PR that should
> fix this, but I was surprised that existing CI tests didn't catch it. Is
> leak detection usually disabled in CI?

I'm not aware of any CI tests that are currently using leak detection ...
so it's certainly welcome if we get more test coverage here!

 Thomas
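A CI smoke step built around the command sequence and the leak-detection question discussed in this thread, added here as an example (it is not QEMU's code and not part of the thread): it runs one fuzz target for a bounded number of inputs and classifies the sanitizer/libFuzzer output so that a leak-only report is reported differently from a memory-safety error. The fuzzer path, target and run count are the ones quoted above; the log file name, the exit codes, the `-max_total_time` bound and the `demo_classify` helper with its constructed log are assumptions of this script.

```shell
#!/bin/sh
# Added example, not from the QEMU tree or this thread. Builds a CI smoke
# step from the command sequence in the thread and classifies the output so
# a leak report (which CI does not currently catch) is distinguishable from
# a memory-safety error. Path, target and run count are from the thread; the
# log name, exit codes and -max_total_time bound are this script's own.

FUZZ_BIN="${FUZZ_BIN:-./i386-softmmu/qemu-fuzz-i386}"
FUZZ_TARGET="${FUZZ_TARGET:-i440fx-qtest-reboot-fuzz}"
FUZZ_RUNS="${FUZZ_RUNS:-5000}"

# classify_fuzz_log LOGFILE -> prints ok | leak | crash | timeout.
# Patterns are the message prefixes printed by AddressSanitizer,
# LeakSanitizer and libFuzzer; a crash is checked before a leak.
classify_fuzz_log() {
    if grep -q 'ERROR: AddressSanitizer:' "$1"; then echo crash
    elif grep -q 'ERROR: libFuzzer: deadly signal' "$1"; then echo crash
    elif grep -q 'ERROR: libFuzzer: timeout' "$1"; then echo timeout
    elif grep -q 'ERROR: LeakSanitizer: detected memory leaks' "$1"; then echo leak
    else echo ok
    fi
}

# run_fuzz_smoke [LOGFILE]: assumes the build step from the thread has run
# (configure --enable-fuzzing --enable-sanitizers --enable-werror, then
# make i386-softmmu/fuzz). Returns 0 clean, 2 leaks only, 1 crash/timeout.
# To ignore leaks entirely, export ASAN_OPTIONS=detect_leaks=0 beforehand.
run_fuzz_smoke() {
    log="${1:-fuzz-smoke.log}"
    "$FUZZ_BIN" --fuzz-target="$FUZZ_TARGET" -runs="$FUZZ_RUNS" \
        -max_total_time=120 >"$log" 2>&1
    status=$?
    case "$(classify_fuzz_log "$log")" in
        ok)   [ "$status" -eq 0 ] && return 0; echo "fuzzer exited $status"; return 1 ;;
        leak) echo "leak report only, see $log"; return 2 ;;
        *)    echo "fuzzer found a real error, see $log"; return 1 ;;
    esac
}

# Offline check on a constructed log (not real fuzzer output): the lines mimic
# what LeakSanitizer prints when QEMU exits with outstanding allocations.
demo_classify() {
    tmp=$(mktemp)
    printf '%s\n' '#5000  DONE   cov: 1200 ft: 3400 corp: 40/2Kb' \
        '==4242==ERROR: LeakSanitizer: detected memory leaks' \
        'SUMMARY: AddressSanitizer: 64 byte(s) leaked in 2 allocation(s).' >"$tmp"
    classify_fuzz_log "$tmp"
    rm -f "$tmp"
}
```

In a pipeline, exit code 2 can be mapped to an "allowed failure" job while code 1 fails the build, which gives leak coverage without blocking on known leaks like the one Alexander mentions.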
Patch

diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index a36d9038e0..0b66e43409 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -19,6 +19,7 @@ 
 #include "sysemu/runstate.h"
 #include "sysemu/sysemu.h"
 #include "qemu/main-loop.h"
+#include "qemu/rcu.h"
 #include "tests/qtest/libqtest.h"
 #include "tests/qtest/libqos/qgraph.h"
 #include "fuzz.h"
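Review bot: the one-line hunk is the right fix for the -Werror failure described in the commit message, since calling rcu_enable_atfork() in fuzz.c without its declaration from "qemu/rcu.h" is what the --enable-werror build rejects, and placing the new line next to "qemu/main-loop.h" keeps the qemu/ headers grouped. One follow-up worth noting in the commit message: the thread establishes that softmmu/vl.c only reaches this header transitively through "exec/memory.h", so the explicit include Philippe proposes for vl.c in a separate patch would prevent the same breakage if that transitive include changes.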