
qemuafl does not build with meson 0.57 and later #21

Closed
bennofs opened this issue Jun 26, 2021 · 3 comments

Comments


bennofs commented Jun 26, 2021

Two commits from upstream qemu fix this:

commit f35d3cd44e34f993ddaa1ec4f64ec8e7bce92595 (HEAD)
Author: Paolo Bonzini <pbonzini@redhat.com>
Date:   Tue Mar 9 16:15:30 2021 +0100

    hexagon: do not specify Python scripts as inputs

    Python scripts are not inputs, and putting them in @INPUT@ puts
    requirements on the command line format, keeping all inputs close to
    the name of the script.  Avoid that by not including the script in
    the command and not in the inputs.

    Also wrap "PYTHONPATH" usage with "env", since setting the environment
    this way is not valid under Windows.

    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

commit 3a682e7d32eaf89c8e09749eca464121d9a97914
Author: Paolo Bonzini <pbonzini@redhat.com>
Date:   Tue Mar 9 16:15:30 2021 +0100

    hexagon: do not specify executables as inputs

    gen_semantics is an executable, not an input.  Meson 0.57 special cases
    the first argument and @INPUT@ is not expanded there.  Fix that by
    not including it in the input, only in the command.

    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
@kotee4ko

Can approve it.

Program scripts/decodetree.py found: YES (/usr/bin/python3 /opt/wokr/FUZZING/AFLplusplus/qemu_mode/qemuafl/scripts/decodetree.py)
Program @INPUT@ found: NO

../target/hexagon/meson.build:33:0: ERROR: Program '@INPUT@' not found

A full log can be found at /opt/wokr/FUZZING/AFLplusplus/qemu_mode/qemuafl/build/meson-logs/meson-log.txt

ERROR: meson setup failed

meson --version
0.58.999


vanhauser-thc commented Aug 13, 2021

You have to report this upstream to qemu itself; the meson setup is by them. Until this is fixed and we then update from qemu, you will have to install an older version or find a workaround.

@kotee4ko do not post your issues to completely different items!

@mleithner

Since this is still present in the current version, here's a rather simple workaround based on the patches pointed out by @bennofs:

  1. Run build_qemu_support.sh until it fails with the Program '@INPUT@' not found error above. I'm assuming you're now in the qemu_mode folder of AFLplusplus.
  2. cd qemuafl
  3. curl 'https://pastebin.com/raw/i4xw9uNM' | tr -d '\r' > qemu-meson-workaround.patch (this is just a merged version of the two commits; if you'd rather not trust me, manually merge them)
  4. patch -p1 < qemu-meson-workaround.patch
  5. cd ..
  6. NO_CHECKOUT=1 ./build_qemu_support.sh

The NO_CHECKOUT flag must be set to any nonempty string. Otherwise, build_qemu_support.sh will simply check out qemuafl again, immediately overwriting your patch.
Tested (compiles, not tested if it works) on a6758d1.
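To make concrete what the two upstream commits quoted in the opening post change and what the workaround patch has to fix, here is an added example (not code from this issue, qemuafl or QEMU): a constructed "before" custom_target() fragment whose command: list starts with '@INPUT@', the corrected shape with the executable named in command: only, and a small POSIX shell check that flags the old shape and recognises a Meson version of 0.57 or newer. The exact meson.build contents are assumed from the commit messages, not copied from the tree.

```shell
#!/bin/sh
# Added example, not code from the issue or from qemuafl/QEMU. It shows the
# custom_target() shape that Meson >= 0.57 rejects with "Program '@INPUT@' not
# found" beside the corrected shape, plus a grep that flags the bad shape.

# Returns 0 when a "meson --version" string ($1) is 0.57 or newer.
meson_is_0_57_or_newer() {
    major=$(printf '%s' "$1" | cut -d. -f1)
    minor=$(printf '%s' "$1" | cut -d. -f2)
    [ "${major:-0}" -gt 0 ] || [ "${minor:-0}" -ge 57 ]
}

# Lists (with line numbers) every command: list that starts with '@INPUT@'.
# Meson 0.57 resolves the first command element as a program name and does
# not expand @INPUT@ there. Returns 0 if the file given as $1 has such a line.
find_input_as_program() {
    grep -n -E "command:[[:space:]]*\[[[:space:]]*'@INPUT@'" "$1"
}

workdir=$(mktemp -d)

# Constructed "before" fragment (assumed shape, derived from the commit text):
# the gen_semantics executable is passed as an input and run via @INPUT@.
cat > "$workdir/before.build" <<'EOF'
semantics_generated = custom_target(
    'semantics_generated.pyinc',
    output: 'semantics_generated.pyinc',
    input: gen_semantics,
    command: ['@INPUT@', '@OUTPUT@'],
)
EOF

# Constructed "after" fragment: the executable appears only in command:,
# which also makes Meson track it as a dependency of the target.
cat > "$workdir/after.build" <<'EOF'
semantics_generated = custom_target(
    'semantics_generated.pyinc',
    output: 'semantics_generated.pyinc',
    command: [gen_semantics, '@OUTPUT@'],
)
EOF

for f in before after; do
    if find_input_as_program "$workdir/$f.build" >/dev/null; then
        echo "$f.build: needs the upstream fix under Meson >= 0.57"
    else
        echo "$f.build: OK"
    fi
done
```

Run against the real tree with `find_input_as_program target/hexagon/meson.build` to confirm whether the workaround patch applied before rebuilding.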
