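//===- FuzzerUtilDarwin.cpp - Misc utils ----------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Misc utils for Darwin.
//===----------------------------------------------------------------------===//
#include "FuzzerPlatform.h"
#if LIBFUZZER_APPLE
#include "FuzzerCommand.h"
#include "FuzzerIO.h"
#include <errno.h>
#include <mutex>
#include <signal.h>
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

// There is no header for this on macOS so declare here
extern "C" char **environ;

namespace fuzzer {

static std::mutex SignalMutex;
// Global variables used to keep track of how signal handling should be
// restored. They should **not** be accessed without holding `SignalMutex`.
static int ActiveThreadCount = 0;
static struct sigaction OldSigIntAction;
static struct sigaction OldSigQuitAction;
static sigset_t OldBlockedSignalsSet;

// Ignores SIGINT and SIGQUIT and blocks SIGCHLD in the current process,
// saving the previous dispositions and signal mask in the globals above so
// that `RestoreSignalsLocked()` can put them back. Caller must hold
// `SignalMutex`.
// Returns false if any step fails; in that case the changes made so far have
// been undone (best effort) and the saved globals must not be relied upon.
static bool IgnoreSignalsLocked() {
  struct sigaction IgnoreSignalAction;
  memset(&IgnoreSignalAction, 0, sizeof(IgnoreSignalAction));
  IgnoreSignalAction.sa_handler = SIG_IGN;

  if (sigaction(SIGINT, &IgnoreSignalAction, &OldSigIntAction) == -1) {
    Printf("Failed to ignore SIGINT\n");
    return false;
  }
  if (sigaction(SIGQUIT, &IgnoreSignalAction, &OldSigQuitAction) == -1) {
    Printf("Failed to ignore SIGQUIT\n");
    // Try our best to restore the signal handlers.
    (void)sigaction(SIGINT, &OldSigIntAction, NULL);
    return false;
  }

  sigset_t BlockedSignalsSet;
  (void)sigemptyset(&BlockedSignalsSet);
  (void)sigaddset(&BlockedSignalsSet, SIGCHLD);
  if (sigprocmask(SIG_BLOCK, &BlockedSignalsSet, &OldBlockedSignalsSet) ==
      -1) {
    Printf("Failed to block SIGCHLD\n");
    // Try our best to restore the signal handlers.
    (void)sigaction(SIGQUIT, &OldSigQuitAction, NULL);
    (void)sigaction(SIGINT, &OldSigIntAction, NULL);
    return false;
  }
  return true;
}

// Undoes `IgnoreSignalsLocked()`: reinstalls the saved SIGINT/SIGQUIT
// dispositions and the saved signal mask. Caller must hold `SignalMutex`.
// Every step is attempted even when an earlier one fails; returns false if
// any of them failed.
static bool RestoreSignalsLocked() {
  bool Restored = true;
  if (sigaction(SIGINT, &OldSigIntAction, NULL) == -1) {
    Printf("Failed to restore SIGINT handling\n");
    Restored = false;
  }
  if (sigaction(SIGQUIT, &OldSigQuitAction, NULL) == -1) {
    Printf("Failed to restore SIGQUIT handling\n");
    Restored = false;
  }
  // SIG_SETMASK, not SIG_BLOCK: SIG_BLOCK only adds the saved set to the
  // current mask, so it can never clear the SIGCHLD bit this call is meant to
  // remove. With SIG_BLOCK the process would keep SIGCHLD blocked after the
  // last thread leaves, and the next `ExecuteCommand()` would save that
  // polluted mask and hand it to its child via `posix_spawnattr_setsigmask`.
  if (sigprocmask(SIG_SETMASK, &OldBlockedSignalsSet, NULL) == -1) {
    Printf("Failed to unblock SIGCHLD\n");
    Restored = false;
  }
  return Restored;
}

// This is a reimplementation of Libc's `system()`. On Darwin the Libc
// implementation contains a mutex which prevents it from being used
// concurrently. This implementation **can** be used concurrently. It sets the
// signal handlers when the first thread enters and restores them when the last
// thread finishes execution of the function and ensures this is not racey by
// using a mutex.
//
// Runs `Cmd` through `/bin/sh -c` and returns the `waitpid()` status of the
// shell, `W_EXITCODE(127, 0)` if the shell could not be spawned, or -1 if
// spawning failed for lack of resources, `waitpid()` failed, or the signal
// state could not be set up or restored.
//
// NOTE(review): sigprocmask() in a multi-threaded process is only specified
// for the calling thread on most systems, so SIGCHLD is blocked only in the
// thread that happened to enter first — confirm this is acceptable for the
// callers.
int ExecuteCommand(const Command &Cmd) {
  std::string CmdLine = Cmd.toString();
  posix_spawnattr_t SpawnAttributes;
  if (posix_spawnattr_init(&SpawnAttributes))
    return -1;

  // Signal mask the child should start with: the mask this process had before
  // the first thread blocked SIGCHLD. Copied out under the lock so the global
  // is never read without holding `SignalMutex`.
  sigset_t ChildSigMask;
  // Block and ignore signals of the current process when the first thread
  // enters.
  {
    std::lock_guard<std::mutex> Lock(SignalMutex);
    if (ActiveThreadCount == 0 && !IgnoreSignalsLocked()) {
      (void)posix_spawnattr_destroy(&SpawnAttributes);
      return -1;
    }
    ++ActiveThreadCount;
    ChildSigMask = OldBlockedSignalsSet;
  }

  // NOTE: Do not introduce any new `return` statements past this
  // point. It is important that `ActiveThreadCount` always be decremented
  // when leaving this function.

  // Make sure the child process uses the default handlers for the
  // following signals rather than inheriting what the parent has.
  sigset_t DefaultSigSet;
  (void)sigemptyset(&DefaultSigSet);
  (void)sigaddset(&DefaultSigSet, SIGQUIT);
  (void)sigaddset(&DefaultSigSet, SIGINT);
  (void)posix_spawnattr_setsigdefault(&SpawnAttributes, &DefaultSigSet);
  // Make sure the child process doesn't block SIGCHLD
  (void)posix_spawnattr_setsigmask(&SpawnAttributes, &ChildSigMask);
  short SpawnFlags = POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK;
  (void)posix_spawnattr_setflags(&SpawnAttributes, SpawnFlags);

  pid_t Pid;
  char **Environ = environ; // Read from global
  // posix_spawn takes `char *const argv[]` but does not modify the strings, so
  // point it at writable std::string buffers that outlive the call. This
  // replaces the previous unchecked `strdup()` calls, whose NULL result on
  // allocation failure would have silently truncated argv, and removes the
  // matching free() loop.
  std::string ShArg("sh");
  std::string DashCArg("-c");
  char *const Argv[] = {&ShArg[0], &DashCArg[0], &CmdLine[0], NULL};
  int ErrorCode = 0, ProcessStatus = 0;
  // FIXME: We probably shouldn't hardcode the shell path.
  ErrorCode = posix_spawn(&Pid, "/bin/sh", NULL, &SpawnAttributes,
                          Argv, Environ);
  (void)posix_spawnattr_destroy(&SpawnAttributes);
  if (!ErrorCode) {
    pid_t SavedPid = Pid;
    do {
      // Repeat until call completes uninterrupted.
      Pid = waitpid(SavedPid, &ProcessStatus, /*options=*/0);
    } while (Pid == -1 && errno == EINTR);
    if (Pid == -1) {
      // Fail for some other reason.
      ProcessStatus = -1;
    }
  } else if (ErrorCode == ENOMEM || ErrorCode == EAGAIN) {
    // Fork failure.
    ProcessStatus = -1;
  } else {
    // Shell execution failure.
    ProcessStatus = W_EXITCODE(127, 0);
  }

  // Restore the signal handlers of the current process when the last thread
  // using this function finishes.
  {
    std::lock_guard<std::mutex> Lock(SignalMutex);
    --ActiveThreadCount;
    if (ActiveThreadCount == 0 && !RestoreSignalsLocked())
      ProcessStatus = -1;
  }
  return ProcessStatus;
}

// Redirects file descriptor `Fd` to /dev/null. Silently does nothing if
// /dev/null cannot be opened; the result of `dup2()` is not checked because
// there is no caller-visible way to report it.
void DiscardOutput(int Fd) {
  FILE *Temp = fopen("/dev/null", "w");
  if (!Temp)
    return;
  (void)dup2(fileno(Temp), Fd);
  fclose(Temp);
}

} // namespace fuzzer

#endif // LIBFUZZER_APPLE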