compiler-rt/lib/fuzzer/FuzzerUtilDarwin.cpp

   1 //===- FuzzerUtilDarwin.cpp - Misc utils ----------------------------------===//
   2 //
   3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   4 // See https://llvm.org/LICENSE.txt for license information.
   5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   6 //
   7 //===----------------------------------------------------------------------===//
   8 // Misc utils for Darwin.
   9 //===----------------------------------------------------------------------===//
  10 #include "FuzzerPlatform.h"
  11 #if LIBFUZZER_APPLE
  12 #include "FuzzerCommand.h"
  13 #include "FuzzerIO.h"
  14 #include <mutex>
  15 #include <signal.h>
  16 #include <spawn.h>
  17 #include <stdlib.h>
  18 #include <string.h>
  19 #include <sys/wait.h>
  20 #include <unistd.h>
  21
  22 // There is no header for this on macOS so declare here
  23 extern "C" char **environ;
  24
  25 namespace fuzzer {
  26
  27 static std::mutex SignalMutex;
  28 // Global variables used to keep track of how signal handling should be
  29 // restored. They should **not** be accessed without holding `SignalMutex`.
  30 static int ActiveThreadCount = 0;
  31 static struct sigaction OldSigIntAction;
  32 static struct sigaction OldSigQuitAction;
  33 static sigset_t OldBlockedSignalsSet;
  34
  35 // This is a reimplementation of Libc's `system()`. On Darwin the Libc
  36 // implementation contains a mutex which prevents it from being used
  37 // concurrently. This implementation **can** be used concurrently. It sets the
  38 // signal handlers when the first thread enters and restores them when the last
  39 // thread finishes execution of the function and ensures this is not racey by
  40 // using a mutex.
  41 int ExecuteCommand(const Command &Cmd) {
  42   std::string CmdLine = Cmd.toString();
  43   posix_spawnattr_t SpawnAttributes;
  44   if (posix_spawnattr_init(&SpawnAttributes))
  45     return -1;
  46   // Block and ignore signals of the current process when the first thread
  47   // enters.
  48   {
  49     std::lock_guard<std::mutex> Lock(SignalMutex);
  50     if (ActiveThreadCount == 0) {
  51       static struct sigaction IgnoreSignalAction;
  52       sigset_t BlockedSignalsSet;
  53       memset(&IgnoreSignalAction, 0, sizeof(IgnoreSignalAction));
  54       IgnoreSignalAction.sa_handler = SIG_IGN;
  55
  56       if (sigaction(SIGINT, &IgnoreSignalAction, &OldSigIntAction) == -1) {
  57         Printf("Failed to ignore SIGINT\n");
  58         (void)posix_spawnattr_destroy(&SpawnAttributes);
  59         return -1;
  60       }
  61       if (sigaction(SIGQUIT, &IgnoreSignalAction, &OldSigQuitAction) == -1) {
  62         Printf("Failed to ignore SIGQUIT\n");
  63         // Try our best to restore the signal handlers.
  64         (void)sigaction(SIGINT, &OldSigIntAction, NULL);
  65         (void)posix_spawnattr_destroy(&SpawnAttributes);
  66         return -1;
  67       }
  68
  69       (void)sigemptyset(&BlockedSignalsSet);
  70       (void)sigaddset(&BlockedSignalsSet, SIGCHLD);
  71       if (sigprocmask(SIG_BLOCK, &BlockedSignalsSet, &OldBlockedSignalsSet) ==
  72           -1) {
  73         Printf("Failed to block SIGCHLD\n");
  74         // Try our best to restore the signal handlers.
  75         (void)sigaction(SIGQUIT, &OldSigQuitAction, NULL);
  76         (void)sigaction(SIGINT, &OldSigIntAction, NULL);
  77         (void)posix_spawnattr_destroy(&SpawnAttributes);
  78         return -1;
  79       }
  80     }
  81     ++ActiveThreadCount;
  82   }
  83
  84   // NOTE: Do not introduce any new `return` statements past this
  85   // point. It is important that `ActiveThreadCount` always be decremented
  86   // when leaving this function.
  87
  88   // Make sure the child process uses the default handlers for the
  89   // following signals rather than inheriting what the parent has.
  90   sigset_t DefaultSigSet;
  91   (void)sigemptyset(&DefaultSigSet);
  92   (void)sigaddset(&DefaultSigSet, SIGQUIT);
  93   (void)sigaddset(&DefaultSigSet, SIGINT);
  94   (void)posix_spawnattr_setsigdefault(&SpawnAttributes, &DefaultSigSet);
  95   // Make sure the child process doesn't block SIGCHLD
  96   (void)posix_spawnattr_setsigmask(&SpawnAttributes, &OldBlockedSignalsSet);
  97   short SpawnFlags = POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK;
  98   (void)posix_spawnattr_setflags(&SpawnAttributes, SpawnFlags);
  99
 100   pid_t Pid;
 101   char **Environ = environ; // Read from global
 102   const char *CommandCStr = CmdLine.c_str();
 103   char *const Argv[] = {
 104     strdup("sh"),
 105     strdup("-c"),
 106     strdup(CommandCStr),
 107     NULL
 108   };
 109   int ErrorCode = 0, ProcessStatus = 0;
 110   // FIXME: We probably shouldn't hardcode the shell path.
 111   ErrorCode = posix_spawn(&Pid, "/bin/sh", NULL, &SpawnAttributes,
 112                           Argv, Environ);
 113   (void)posix_spawnattr_destroy(&SpawnAttributes);
 114   if (!ErrorCode) {
 115     pid_t SavedPid = Pid;
 116     do {
 117       // Repeat until call completes uninterrupted.
 118       Pid = waitpid(SavedPid, &ProcessStatus, /*options=*/0);
 119     } while (Pid == -1 && errno == EINTR);
 120     if (Pid == -1) {
 121       // Fail for some other reason.
 122       ProcessStatus = -1;
 123     }
 124   } else if (ErrorCode == ENOMEM || ErrorCode == EAGAIN) {
 125     // Fork failure.
 126     ProcessStatus = -1;
 127   } else {
 128     // Shell execution failure.
 129     ProcessStatus = W_EXITCODE(127, 0);
 130   }
 131   for (unsigned i = 0, n = sizeof(Argv) / sizeof(Argv[0]); i < n; ++i)
 132     free(Argv[i]);
 133
 134   // Restore the signal handlers of the current process when the last thread
 135   // using this function finishes.
 136   {
 137     std::lock_guard<std::mutex> Lock(SignalMutex);
 138     --ActiveThreadCount;
 139     if (ActiveThreadCount == 0) {
 140       bool FailedRestore = false;
 141       if (sigaction(SIGINT, &OldSigIntAction, NULL) == -1) {
 142         Printf("Failed to restore SIGINT handling\n");
 143         FailedRestore = true;
 144       }
 145       if (sigaction(SIGQUIT, &OldSigQuitAction, NULL) == -1) {
 146         Printf("Failed to restore SIGQUIT handling\n");
 147         FailedRestore = true;
 148       }
 149       if (sigprocmask(SIG_BLOCK, &OldBlockedSignalsSet, NULL) == -1) {
 150         Printf("Failed to unblock SIGCHLD\n");
 151         FailedRestore = true;
 152       }
 153       if (FailedRestore)
 154         ProcessStatus = -1;
 155     }
 156   }
 157   return ProcessStatus;
 158 }
 159
 160 void DiscardOutput(int Fd) {
 161   FILE* Temp = fopen("/dev/null", "w");
 162   if (!Temp)
 163     return;
 164   dup2(fileno(Temp), Fd);
 165   fclose(Temp);
 166 }
 167
 168 void SetThreadName(std::thread &thread, const std::string &name) {
 169   // TODO ?
 170   // Darwin allows to set the name only on the current thread it seems
 171 }
 172
 173 } // namespace fuzzer
 174
 175 #endif // LIBFUZZER_APPLE