From bfede4e75b078b72b2af21daacef4106fa255c2a Mon Sep 17 00:00:00 2001
From: Richard Patel
Date: Tue, 20 Feb 2024 23:24:35 +0000
Subject: [PATCH] quic: make fuzzer permissionless Also add LSan APIs to util
---
 src/util/sanitize/fd_asan.h | 15 ++++++++++++
 src/waltz/quic/tests/fuzz_quic.c | 42 +++++++++++++++++---------------
 2 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/src/util/sanitize/fd_asan.h b/src/util/sanitize/fd_asan.h
index d98a53d151..30a186464f 100644
--- a/src/util/sanitize/fd_asan.h
+++ b/src/util/sanitize/fd_asan.h
@@ -92,6 +92,16 @@ static inline void * fd_asan_unpoison( void * addr, ulong sz ) { __asan_unpoison
 static inline int fd_asan_test ( void * addr ) { return __asan_address_is_poisoned( addr ); }
 static inline void * fd_asan_query ( void * addr, ulong sz ) { return __asan_region_is_poisoned ( addr, sz ); }
+int __lsan_is_turned_off(void);
+void __lsan_ignore_object(const void *p);
+void __lsan_disable(void);
+void __lsan_enable(void);
+
+static inline int fd_lsan_enabled( void ) { return !__lsan_is_turned_off(); }
+static inline void fd_lsan_ignore ( void const * p ) { __lsan_ignore_object( p ); }
+static inline void fd_lsan_disable( void ) { __lsan_disable(); }
+static inline void fd_lsan_enable ( void ) { __lsan_enable(); }
+
 #else
 static inline void * fd_asan_poison ( void * addr, ulong sz ) { (void)sz; return addr; }
@@ -99,6 +109,11 @@ static inline void * fd_asan_unpoison( void * addr, ulong sz ) { (void)sz;
 static inline int fd_asan_test ( void * addr ) { (void)addr; return 0; }
 static inline void * fd_asan_query ( void * addr, ulong sz ) { (void)addr; (void)sz; return NULL; }
+static inline int fd_lsan_enabled( void ) { return 0; }
+static inline void fd_lsan_ignore ( void const * p ) { (void)p; }
+static inline void fd_lsan_disable( void ) {}
+static inline void fd_lsan_enable ( void ) {}
+
 #endif
 FD_PROTOTYPES_END
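Review bot: `fd_lsan_enabled` is built on `__lsan_is_turned_off()`, which the sanitizer's public interface describes as an optional hook a program may define to switch leak checking off, not as a query of the runtime's current state. Unless some translation unit defines that hook, the wrapper cannot reflect `detect_leaks=0` or an earlier `__lsan_disable()`, so a caller that branches on it (the fuzz target in this patch does) is effectively branching on a constant. The wrapper should carry a comment saying so, for example `/* reports only the user-supplied __lsan_is_turned_off hook, not runtime options or the disable count */`, or be dropped in favour of unconditionally paired disable/enable calls. The four wrappers also have no description of when a caller should use them, unlike a header that is otherwise an API surface.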
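Review bot: These no-op LSan stubs sit in the same `#else` branch as the ASan stubs, so whether leak suppression is live depends entirely on a guard that is outside the hunk. If that guard tests only for AddressSanitizer, a build linked with standalone LeakSanitizer would silently get an `fd_lsan_disable` that does nothing and would report the setup allocations the fuzz target is trying to hide. Either give the LSan wrappers their own feature test or state the coupling next to the stubs, e.g. `/* LSan wrappers are only live in ASan builds; other builds get these no-ops */`.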
diff --git a/src/waltz/quic/tests/fuzz_quic.c b/src/waltz/quic/tests/fuzz_quic.c
index cd8ea4c31b..b8c6f95391 100644
--- a/src/waltz/quic/tests/fuzz_quic.c
+++ b/src/waltz/quic/tests/fuzz_quic.c
@@ -2,6 +2,7 @@
 #error "This target requires FD_HAS_HOSTED"
 #endif
+#include
 #include
 #include
 #include
@@ -117,9 +118,9 @@ uint send_packet(uchar const *payload, size_t payload_sz) {
 void init_quic(void) {
 void *ctx = (void *)0x1234UL;
 void *shaio = fd_aio_new(_aio, ctx, test_aio_send_func);
- FD_TEST(shaio);
+ assert( shaio );
 fd_aio_t *aio = fd_aio_join(shaio);
- FD_TEST(aio);
+ assert(aio);
 server_quic->cb.now = test_clock;
 server_quic->cb.now_ctx = NULL;
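Review bot: Swapping `FD_TEST` for `assert` in `init_quic` means the null checks on `shaio` and `aio` vanish whenever the target is compiled with `NDEBUG`, after which `fd_aio_join(shaio)` and the later uses of `aio` run on an unchecked pointer. The same substitution is made in the `LLVMFuzzerInitialize` hunks for `mem`, `part_max`, `wksp`, `shmem_err`, `quic_footprint` and `server_quic`. If any fuzz build configuration can define `NDEBUG`, keep an always-on check such as `if( !shaio ) abort();`, or reject that configuration at the top of the file beside the existing `FD_HAS_HOSTED` guard. `init_quic` continues past the end of this hunk.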
@@ -134,29 +135,30 @@ destroy_quic( void ) {
 }
 int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ int lsan_enabled = fd_lsan_enabled();
+ fd_lsan_disable();
+
 /* Set up shell without signal handlers */
 putenv("FD_LOG_BACKTRACE=0");
 fd_boot(argc, argv);
 atexit(fd_halt);
- ulong cpu_idx = fd_tile_cpu_id(fd_tile_idx());
- if (cpu_idx > fd_shmem_cpu_cnt())
- cpu_idx = 0UL;
+ /* Use unoptimized wksp memory */
+
+ ulong wksp_sz = 13107200UL;
+
+ uchar * mem = aligned_alloc( 4096UL, wksp_sz );
+ assert( mem );
- char const *_page_sz =
- fd_env_strip_cmdline_cstr(argc, argv, "--page-sz", NULL, "normal");
- ulong page_cnt =
- fd_env_strip_cmdline_ulong(argc, argv, "--page-cnt", NULL, 3200UL);
- ulong numa_idx = fd_env_strip_cmdline_ulong(argc, argv, "--numa-idx", NULL,
- fd_shmem_numa_idx(cpu_idx));
+ ulong part_max = fd_wksp_part_max_est( wksp_sz, 64UL<<10 );
+ assert( part_max );
+ ulong data_max = fd_wksp_data_max_est( wksp_sz, 64UL<<10 );
- ulong page_sz = fd_cstr_to_shmem_page_sz(_page_sz);
- if (FD_UNLIKELY(!page_sz))
- FD_LOG_ERR(("unsupported --page-sz"));
+ fd_wksp_t * wksp = fd_wksp_join( fd_wksp_new( mem, "wksp", 42U, part_max, data_max ) );
+ assert( wksp );
- fd_wksp_t *wksp = fd_wksp_new_anonymous(
- page_sz, page_cnt, fd_shmem_cpu_idx(numa_idx), "wksp", 0UL);
- FD_TEST(wksp);
+ int shmem_err = fd_shmem_join_anonymous( "wksp", FD_SHMEM_JOIN_MODE_READ_WRITE, wksp, mem, 4096UL, wksp_sz/4096UL );
+ assert( !shmem_err );
 fd_quic_limits_t const quic_limits = {.conn_cnt = 10,
 .conn_id_cnt = 10,
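Review bot: The workspace geometry is written as bare literals, `13107200UL` for the size and `4096UL` three times for alignment and page size, and the `aligned_alloc` call meets C11's size-is-a-multiple-of-alignment requirement only because those literals happen to agree. Deriving one from the other keeps that invariant visible: `ulong page_sz = 4096UL; ulong wksp_sz = 3200UL*page_sz;`, then pass `page_sz` and `wksp_sz/page_sz` to `fd_shmem_join_anonymous`. `data_max` is also handed to `fd_wksp_new` without the check that `part_max` gets, so `assert( data_max );` would make a bad estimate fail on the line that produced it. `LLVMFuzzerInitialize` continues past the end of this hunk.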
@@ -167,11 +169,11 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) {
 .tx_buf_sz = 1 << 14};
 ulong quic_footprint = fd_quic_footprint(&quic_limits);
- FD_TEST(quic_footprint);
+ assert( quic_footprint );
 fd_rng_t _rng[1]; fd_rng_t * rng = fd_rng_join( fd_rng_new( _rng, 0U, 0UL ) );
 server_quic = fd_quic_new_anonymous(wksp, &quic_limits, FD_QUIC_ROLE_SERVER, rng);
- FD_TEST(server_quic);
+ assert( server_quic );
 fd_rng_delete( fd_rng_leave( rng ) );
 fd_quic_config_t *server_config = &server_quic->config;
@@ -184,6 +186,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) {
 server_quic->config.initial_rx_max_stream_data = 1 << 14;
 // server_quic->config.retry = 1;
+ if( lsan_enabled )
+ fd_lsan_enable();
 return 0;
 }
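Review bot: The `fd_lsan_enable()` added before `return 0;` runs only when `lsan_enabled` is non-zero, while the matching `fd_lsan_disable()` at the top of `LLVMFuzzerInitialize` (in an earlier hunk) is unconditional, so the pair is unbalanced on the other path. LeakSanitizer's disable/enable calls nest and are expected to be matched, so calling `fd_lsan_enable();` unconditionally keeps them paired and removes the dependency on what `fd_lsan_enabled()` reports. The reason for suspending leak checking is also not recorded; if the intent is that setup allocations live for the whole process, a comment such as `/* setup allocations are process-lifetime; keep them out of leak reports */` at the disable call would say so.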