LLVM  4.0.0
FuzzerUtilDarwin.cpp
Go to the documentation of this file.
1 //===- FuzzerUtilDarwin.cpp - Misc utils ----------------------------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 // Misc utils for Darwin.
10 //===----------------------------------------------------------------------===//
11 #include "FuzzerDefs.h"
12 #if LIBFUZZER_APPLE
13 
14 #include "FuzzerIO.h"
15 #include <mutex>
16 #include <signal.h>
17 #include <spawn.h>
18 #include <sys/wait.h>
19 
20 // There is no header for this on macOS so declare here
21 extern "C" char **environ;
22 
23 namespace fuzzer {
24 
25 static std::mutex SignalMutex;
26 // Global variables used to keep track of how signal handling should be
27 // restored. They should **not** be accessed without holding `SignalMutex`.
28 static int ActiveThreadCount = 0;
29 static struct sigaction OldSigIntAction;
30 static struct sigaction OldSigQuitAction;
31 static sigset_t OldBlockedSignalsSet;
32 
33 // This is a reimplementation of Libc's `system()`. On Darwin the Libc
34 // implementation contains a mutex which prevents it from being used
35 // concurrently. This implementation **can** be used concurrently. It sets the
36 // signal handlers when the first thread enters and restores them when the last
37 // thread finishes execution of the function and ensures this is not racey by
38 // using a mutex.
39 int ExecuteCommand(const std::string &Command) {
40  posix_spawnattr_t SpawnAttributes;
41  if (posix_spawnattr_init(&SpawnAttributes))
42  return -1;
43  // Block and ignore signals of the current process when the first thread
44  // enters.
45  {
46  std::lock_guard<std::mutex> Lock(SignalMutex);
47  if (ActiveThreadCount == 0) {
48  static struct sigaction IgnoreSignalAction;
49  sigset_t BlockedSignalsSet;
50  memset(&IgnoreSignalAction, 0, sizeof(IgnoreSignalAction));
51  IgnoreSignalAction.sa_handler = SIG_IGN;
52 
53  if (sigaction(SIGINT, &IgnoreSignalAction, &OldSigIntAction) == -1) {
54  Printf("Failed to ignore SIGINT\n");
55  (void)posix_spawnattr_destroy(&SpawnAttributes);
56  return -1;
57  }
58  if (sigaction(SIGQUIT, &IgnoreSignalAction, &OldSigQuitAction) == -1) {
59  Printf("Failed to ignore SIGQUIT\n");
60  // Try our best to restore the signal handlers.
61  (void)sigaction(SIGINT, &OldSigIntAction, NULL);
62  (void)posix_spawnattr_destroy(&SpawnAttributes);
63  return -1;
64  }
65 
66  (void)sigemptyset(&BlockedSignalsSet);
67  (void)sigaddset(&BlockedSignalsSet, SIGCHLD);
68  if (sigprocmask(SIG_BLOCK, &BlockedSignalsSet, &OldBlockedSignalsSet) ==
69  -1) {
70  Printf("Failed to block SIGCHLD\n");
71  // Try our best to restore the signal handlers.
72  (void)sigaction(SIGQUIT, &OldSigQuitAction, NULL);
73  (void)sigaction(SIGINT, &OldSigIntAction, NULL);
74  (void)posix_spawnattr_destroy(&SpawnAttributes);
75  return -1;
76  }
77  }
78  ++ActiveThreadCount;
79  }
80 
81  // NOTE: Do not introduce any new `return` statements past this
82  // point. It is important that `ActiveThreadCount` always be decremented
83  // when leaving this function.
84 
85  // Make sure the child process uses the default handlers for the
86  // following signals rather than inheriting what the parent has.
87  sigset_t DefaultSigSet;
88  (void)sigemptyset(&DefaultSigSet);
89  (void)sigaddset(&DefaultSigSet, SIGQUIT);
90  (void)sigaddset(&DefaultSigSet, SIGINT);
91  (void)posix_spawnattr_setsigdefault(&SpawnAttributes, &DefaultSigSet);
92  // Make sure the child process doesn't block SIGCHLD
93  (void)posix_spawnattr_setsigmask(&SpawnAttributes, &OldBlockedSignalsSet);
94  short SpawnFlags = POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK;
95  (void)posix_spawnattr_setflags(&SpawnAttributes, SpawnFlags);
96 
97  pid_t Pid;
98  char **Environ = environ; // Read from global
99  const char *CommandCStr = Command.c_str();
100  const char *Argv[] = {"sh", "-c", CommandCStr, NULL};
101  int ErrorCode = 0, ProcessStatus = 0;
102  // FIXME: We probably shouldn't hardcode the shell path.
103  ErrorCode = posix_spawn(&Pid, "/bin/sh", NULL, &SpawnAttributes,
104  (char *const *)Argv, Environ);
105  (void)posix_spawnattr_destroy(&SpawnAttributes);
106  if (!ErrorCode) {
107  pid_t SavedPid = Pid;
108  do {
109  // Repeat until call completes uninterrupted.
110  Pid = waitpid(SavedPid, &ProcessStatus, /*options=*/0);
111  } while (Pid == -1 && errno == EINTR);
112  if (Pid == -1) {
113  // Fail for some other reason.
114  ProcessStatus = -1;
115  }
116  } else if (ErrorCode == ENOMEM || ErrorCode == EAGAIN) {
117  // Fork failure.
118  ProcessStatus = -1;
119  } else {
120  // Shell execution failure.
121  ProcessStatus = W_EXITCODE(127, 0);
122  }
123 
124  // Restore the signal handlers of the current process when the last thread
125  // using this function finishes.
126  {
127  std::lock_guard<std::mutex> Lock(SignalMutex);
128  --ActiveThreadCount;
129  if (ActiveThreadCount == 0) {
130  bool FailedRestore = false;
131  if (sigaction(SIGINT, &OldSigIntAction, NULL) == -1) {
132  Printf("Failed to restore SIGINT handling\n");
133  FailedRestore = true;
134  }
135  if (sigaction(SIGQUIT, &OldSigQuitAction, NULL) == -1) {
136  Printf("Failed to restore SIGQUIT handling\n");
137  FailedRestore = true;
138  }
139  if (sigprocmask(SIG_BLOCK, &OldBlockedSignalsSet, NULL) == -1) {
140  Printf("Failed to unblock SIGCHLD\n");
141  FailedRestore = true;
142  }
143  if (FailedRestore)
144  ProcessStatus = -1;
145  }
146  }
147  return ProcessStatus;
148 }
149 
150 } // namespace fuzzer
151 
152 #endif // LIBFUZZER_APPLE
static sys::Mutex Lock
void Printf(const char *Fmt,...)
Definition: FuzzerIO.cpp:109
int ExecuteCommand(const std::string &Command)