tequilaOS/platform_bionic
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_bionic/libc/bionic/pthread_internal.h

229 lines
8.3 KiB
C
Raw Normal View History

auto import from //depot/cupcake/@135843
2009-03-04 04:28:35 +01:00
/*
* Copyright (C) 2008 The Android Open Source Project
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
Switch the rest of our internal headers to #pragma once. We've been using #pragma once for new internal files, but let's be more bold. Bug: N/A Test: builds Change-Id: I7e2ee2730043bd884f9571cdbd8b524043030c07
2018-02-13 23:26:29 +01:00
#pragma once
auto import from //depot/cupcake/@135843
2009-03-04 04:28:35 +01:00
#include <pthread.h>
Make pthread join_state not protected by g_thread_list_lock. 1. Move the representation of thread join_state from pthread.attr.flag to pthread.join_state. This clarifies thread state change. 2. Use atomic operations for pthread.join_state. So we don't need to protect it by g_thread_list_lock. g_thread_list_lock will be reduced to only protect g_thread_list or even removed in further changes. Bug: 19636317 Change-Id: I31fb143a7c69508c7287307dd3b0776993ec0f43
2015-03-07 02:23:53 +01:00
#include <stdatomic.h>
auto import from //depot/cupcake/@135843
2009-03-04 04:28:35 +01:00
HWASan support in bionic. * Allow sanitization of libc (excluding existing global sanitizers) and disallow sanitization of linker. The latter has not been necessary before because HWASan is the first sanitizer to support static binaries (with the exception of CFI, which is not used globally). * Static binary startup: initialize HWASan shadow very early so that almost entire libc can be sanitized. The rest of initialization is done in a global constructor; until that is done sanitized code can run but can't report errors (will simply crash with SIGTRAP). * Switch malloc_common from je_* to __sanitizer_*. * Call hwasan functions when entering and leaving threads. We can not intercept pthread_create when libc depends on libclang_rt.hwasan. An alternative to this would be a callback interface like requested here: https://sourceware.org/glibc/wiki/ThreadPropertiesAPI All of the above is behind a compile-time check __has_feature(hwaddress_sanitizer). This means that HWASan actually requires libc to be instrumented, and would not work otherwise. It's an implementation choice that greatly reduces complexity of the tool. Instrumented libc also guarantees that hwasan is present and initialized in every process, which allows piecemeal sanitization (i.e. library w/o main executable, or even individual static libraries), unlike ASan. Change-Id: If44c46b79b15049d1745ba46ec910ae4f355d19c
2018-08-14 01:46:15 +02:00
#if __has_feature(hwaddress_sanitizer)
#include <sanitizer/hwasan_interface.h>
#else
#define __hwasan_thread_enter()
#define __hwasan_thread_exit()
#endif
Implement dynamic TLS accesses and allocation Initialize a thread's DTV to an empty zeroed DTV. Allocate the DTV and any ELF module's TLS segment on-demand in __tls_get_addr. Use a generation counter, incremented in the linker, to signal when threads should update/reallocate their DTV objects. A generation count of 0 always indicates the constant zero DTV. Once a DTV is allocated, it isn't freed until the thread exits, because a signal handler could interrupt the fast path of __tls_get_addr between accessing the DTV slot and reading a field of the DTV. Bionic keeps a linked list of DTV objects so it can free them at thread-exit. Dynamic TLS memory is allocated using a BionicAllocator instance in libc_shared_globals. For async-signal safety, access to the linker/libc-shared state is protected by first blocking signals, then by acquiring the reader-writer lock, TlsModules::rwlock. A write lock is needed to allocate or free memory. In pthread_exit, unconditionally block signals before freeing dynamic TLS memory or freeing the shadow call stack. ndk_cruft.cpp: Avoid including pthread_internal.h inside an extern "C". (The header now includes a C++ template that doesn't compile inside extern "C".) Bug: http://b/78026329 Bug: http://b/123094171 Test: bionic unit tests Change-Id: I3c9b12921c9e68b33dcc1d1dd276bff364eff5d7
2019-01-18 10:00:59 +01:00
#include "private/bionic_elf_tls.h"
Use bionic lock in pthread_internal_t. It removes calling to pthread_mutex_lock() at the beginning of new thread, which helps to support thread sanitizer. Change-Id: Ia3601c476de7976a9177b792bd74bb200cee0e13
2015-10-23 05:07:56 +02:00
#include "private/bionic_lock.h"
Use mmap to create the pthread_internal_t Add name to mmaped regions. Add pthread benchmark code. Allocate pthread_internal_t on regular stack. Bug: 16847284 Change-Id: Id60835163bb0d68092241f1a118015b5a8f85069
2014-12-04 06:36:24 +01:00
#include "private/bionic_tls.h"
Implement pthread_attr_getinheritsched/pthread_attr_setinheritsched. Historically, Android defaulted to EXPLICIT but with a special case because SCHED_NORMAL/priority 0 was awkward. Because the code couldn't actually tell whether SCHED_NORMAL/priority 0 was a genuine attempt to explicitly set those attributes (because the parent thread is SCHED_FIFO, say) or just because the pthread_attr_t was left at its defaults. Now we support INHERIT, we could call sched_getscheduler to see whether we actually need to call sched_setscheduler, but since the major cost is the fixed syscall overhead, we may as well just conservatively call sched_setscheduler and let the kernel decide whether it's a no-op. (Especially because we'd then have to add both sched_getscheduler and sched_setscheduler to any seccomp filter.) Platform code (or app code that only needs to support >= P) can actually add a call to pthread_attr_setinheritsched to say that they just want to inherit (if they know that none of their threads actually mess with scheduler attributes at all), which will save them a sched_setscheduler call except in the doubly-special case of SCHED_RESET_ON_FORK (which we do handle). An alternative would be "make pthread_attr_setschedparams and pthread_attr_setschedprio set EXPLICIT and change the platform default to INHERIT", but even though I can only think of weird pathological examples where anyone would notice that change, that behavior -- of pthread_attr_setschedparams/pthread_attr_setschedprio overriding an earlier call to pthread_attr_setinheritsched -- isn't allowed by POSIX (whereas defaulting to EXPLICIT is). If we have a lot of trouble with this change in the app compatibility testing phase, though, we'll want to reconsider this decision! -*- This change also removes a comment about setting the scheduler attributes in main_thread because we'd have to actually keep them up to date, and it's not clear that doing so would be worth the trouble. Also make async_safe_format_log preserve errno so we don't have to be so careful around it. Bug: http://b/67471710 Test: ran tests Change-Id: Idd026c4ce78a536656adcb57aa2e7b2c616eeddf
2017-10-18 00:34:41 +02:00
// Has the thread been detached by a pthread_join or pthread_detach call?
Only wipe TLS for user-supplied stacks. Bug: 16667988 Change-Id: Id180ab2bc6713e1612386120a306db5bbf1d6046
2014-07-30 23:48:10 +02:00
#define PTHREAD_ATTR_FLAG_DETACHED 0x00000001
Implement pthread_attr_getinheritsched/pthread_attr_setinheritsched. Historically, Android defaulted to EXPLICIT but with a special case because SCHED_NORMAL/priority 0 was awkward. Because the code couldn't actually tell whether SCHED_NORMAL/priority 0 was a genuine attempt to explicitly set those attributes (because the parent thread is SCHED_FIFO, say) or just because the pthread_attr_t was left at its defaults. Now we support INHERIT, we could call sched_getscheduler to see whether we actually need to call sched_setscheduler, but since the major cost is the fixed syscall overhead, we may as well just conservatively call sched_setscheduler and let the kernel decide whether it's a no-op. (Especially because we'd then have to add both sched_getscheduler and sched_setscheduler to any seccomp filter.) Platform code (or app code that only needs to support >= P) can actually add a call to pthread_attr_setinheritsched to say that they just want to inherit (if they know that none of their threads actually mess with scheduler attributes at all), which will save them a sched_setscheduler call except in the doubly-special case of SCHED_RESET_ON_FORK (which we do handle). An alternative would be "make pthread_attr_setschedparams and pthread_attr_setschedprio set EXPLICIT and change the platform default to INHERIT", but even though I can only think of weird pathological examples where anyone would notice that change, that behavior -- of pthread_attr_setschedparams/pthread_attr_setschedprio overriding an earlier call to pthread_attr_setinheritsched -- isn't allowed by POSIX (whereas defaulting to EXPLICIT is). If we have a lot of trouble with this change in the app compatibility testing phase, though, we'll want to reconsider this decision! -*- This change also removes a comment about setting the scheduler attributes in main_thread because we'd have to actually keep them up to date, and it's not clear that doing so would be worth the trouble. Also make async_safe_format_log preserve errno so we don't have to be so careful around it. Bug: http://b/67471710 Test: ran tests Change-Id: Idd026c4ce78a536656adcb57aa2e7b2c616eeddf
2017-10-18 00:34:41 +02:00
// Has the thread been joined by another thread?
Remove PTHREAD_ATTR_FLAG_USER_ALLOCATED_STACK. Patch for https://android-review.googlesource.com/#/c/120844/. Change-Id: Idca5ccd7b28e8f07f1d2d1b6e3bba6781b62f0e0
2015-01-06 18:31:00 +01:00
#define PTHREAD_ATTR_FLAG_JOINED 0x00000002
Only wipe TLS for user-supplied stacks. Bug: 16667988 Change-Id: Id180ab2bc6713e1612386120a306db5bbf1d6046
2014-07-30 23:48:10 +02:00
Preserve historical pthread_create scheduler behavior better. At the cost of two flag bits for what POSIX thinks should be a boolean choice, plus somewhat confusing behavior from pthread_attr_getinheritsched depending on when you call it/what specific scheduler attributes you've set in the pthread_attr_t, we can emulate the old behavior exactly and prevent annoying SELinux denial spam caused by calls to sched_setscheduler. Bug: http://b/68391226 Test: adb logcat on boot contains no sys_nice avc denials Change-Id: I4f759c2c4fd1d80cceb0912d7da09d35902e2e5e
2017-10-28 00:28:54 +02:00
// Used for pthread_attr_setinheritsched. We need two flags for this apparent
// boolean because our historical behavior matches neither of the POSIX choices.
Implement pthread_attr_getinheritsched/pthread_attr_setinheritsched. Historically, Android defaulted to EXPLICIT but with a special case because SCHED_NORMAL/priority 0 was awkward. Because the code couldn't actually tell whether SCHED_NORMAL/priority 0 was a genuine attempt to explicitly set those attributes (because the parent thread is SCHED_FIFO, say) or just because the pthread_attr_t was left at its defaults. Now we support INHERIT, we could call sched_getscheduler to see whether we actually need to call sched_setscheduler, but since the major cost is the fixed syscall overhead, we may as well just conservatively call sched_setscheduler and let the kernel decide whether it's a no-op. (Especially because we'd then have to add both sched_getscheduler and sched_setscheduler to any seccomp filter.) Platform code (or app code that only needs to support >= P) can actually add a call to pthread_attr_setinheritsched to say that they just want to inherit (if they know that none of their threads actually mess with scheduler attributes at all), which will save them a sched_setscheduler call except in the doubly-special case of SCHED_RESET_ON_FORK (which we do handle). An alternative would be "make pthread_attr_setschedparams and pthread_attr_setschedprio set EXPLICIT and change the platform default to INHERIT", but even though I can only think of weird pathological examples where anyone would notice that change, that behavior -- of pthread_attr_setschedparams/pthread_attr_setschedprio overriding an earlier call to pthread_attr_setinheritsched -- isn't allowed by POSIX (whereas defaulting to EXPLICIT is). If we have a lot of trouble with this change in the app compatibility testing phase, though, we'll want to reconsider this decision! -*- This change also removes a comment about setting the scheduler attributes in main_thread because we'd have to actually keep them up to date, and it's not clear that doing so would be worth the trouble. Also make async_safe_format_log preserve errno so we don't have to be so careful around it. Bug: http://b/67471710 Test: ran tests Change-Id: Idd026c4ce78a536656adcb57aa2e7b2c616eeddf
2017-10-18 00:34:41 +02:00
#define PTHREAD_ATTR_FLAG_INHERIT 0x00000004
Preserve historical pthread_create scheduler behavior better. At the cost of two flag bits for what POSIX thinks should be a boolean choice, plus somewhat confusing behavior from pthread_attr_getinheritsched depending on when you call it/what specific scheduler attributes you've set in the pthread_attr_t, we can emulate the old behavior exactly and prevent annoying SELinux denial spam caused by calls to sched_setscheduler. Bug: http://b/68391226 Test: adb logcat on boot contains no sys_nice avc denials Change-Id: I4f759c2c4fd1d80cceb0912d7da09d35902e2e5e
2017-10-28 00:28:54 +02:00
#define PTHREAD_ATTR_FLAG_EXPLICIT 0x00000008
Implement pthread_attr_getinheritsched/pthread_attr_setinheritsched. Historically, Android defaulted to EXPLICIT but with a special case because SCHED_NORMAL/priority 0 was awkward. Because the code couldn't actually tell whether SCHED_NORMAL/priority 0 was a genuine attempt to explicitly set those attributes (because the parent thread is SCHED_FIFO, say) or just because the pthread_attr_t was left at its defaults. Now we support INHERIT, we could call sched_getscheduler to see whether we actually need to call sched_setscheduler, but since the major cost is the fixed syscall overhead, we may as well just conservatively call sched_setscheduler and let the kernel decide whether it's a no-op. (Especially because we'd then have to add both sched_getscheduler and sched_setscheduler to any seccomp filter.) Platform code (or app code that only needs to support >= P) can actually add a call to pthread_attr_setinheritsched to say that they just want to inherit (if they know that none of their threads actually mess with scheduler attributes at all), which will save them a sched_setscheduler call except in the doubly-special case of SCHED_RESET_ON_FORK (which we do handle). An alternative would be "make pthread_attr_setschedparams and pthread_attr_setschedprio set EXPLICIT and change the platform default to INHERIT", but even though I can only think of weird pathological examples where anyone would notice that change, that behavior -- of pthread_attr_setschedparams/pthread_attr_setschedprio overriding an earlier call to pthread_attr_setinheritsched -- isn't allowed by POSIX (whereas defaulting to EXPLICIT is). If we have a lot of trouble with this change in the app compatibility testing phase, though, we'll want to reconsider this decision! -*- This change also removes a comment about setting the scheduler attributes in main_thread because we'd have to actually keep them up to date, and it's not clear that doing so would be worth the trouble. Also make async_safe_format_log preserve errno so we don't have to be so careful around it. Bug: http://b/67471710 Test: ran tests Change-Id: Idd026c4ce78a536656adcb57aa2e7b2c616eeddf
2017-10-18 00:34:41 +02:00
Make pthread join_state not protected by g_thread_list_lock. 1. Move the representation of thread join_state from pthread.attr.flag to pthread.join_state. This clarifies thread state change. 2. Use atomic operations for pthread.join_state. So we don't need to protect it by g_thread_list_lock. g_thread_list_lock will be reduced to only protect g_thread_list or even removed in further changes. Bug: 19636317 Change-Id: I31fb143a7c69508c7287307dd3b0776993ec0f43
2015-03-07 02:23:53 +01:00
enum ThreadJoinState {
THREAD_NOT_JOINED,
THREAD_EXITED_NOT_JOINED,
THREAD_JOINED,
THREAD_DETACHED
};
Defend against -fstack-protector in libc startup. Exactly which functions get a stack protector is up to the compiler, so let's separate the code that sets up the environment stack protection requires and explicitly build it with -fno-stack-protector. Bug: http://b/26276517 Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
2016-01-07 04:51:43 +01:00
class thread_local_dtor;
Don't use __thread in __cxa_thread_finalize(). Currently we use __thread variable to store thread_local_dtors, which makes tsan test fork_atexit.cc hang. The problem is as below: The main thread creates a worker thread, the worker thread calls pthread_exit() -> __cxa_thread_finalize() -> __emutls_get_address() -> pthread_once(emutls_init) -> emutls_init(). Then the main thread calls fork(), the child process cals exit() -> __cxa_thread_finalize() -> __emutls_get_address() -> pthread_once(emutls_init). So the child process is waiting for pthread_once(emutls_init) to finish which will never occur. It might be the test's fault because POSIX standard says if a multi-threaded process calls fork(), the new process may only execute async-signal-safe operations until exec functions are called. And exit() is not async-signal-safe. But we can make bionic more reliable by not using __thread in __cxa_thread_finalize(). Bug: 25392375 Change-Id: Ife403dd7379dad8ddf1859c348c1c0adea07afb3
2015-11-25 02:24:06 +01:00
Defend against -fstack-protector in libc startup. Exactly which functions get a stack protector is up to the compiler, so let's separate the code that sets up the environment stack protection requires and explicitly build it with -fno-stack-protector. Bug: http://b/26276517 Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
2016-01-07 04:51:43 +01:00
class pthread_internal_t {
Remove the global thread list. Another release, another attempt to fix this bug. This change affects pthread_detach, pthread_getcpuclockid, pthread_getschedparam/pthread_setschedparam, pthread_join, and pthread_kill: instead of returning ESRCH when passed an invalid pthread_t, they'll now SEGV. Note that this doesn't change behavior as much as you might think: the old lookup only held the global thread list lock for the duration of the lookup, so there was still a race between that and the dereference in the caller, given that callers actually need the tid to pass to some syscall or other, and sometimes update fields in the pthread_internal_t struct too. We can't check thread->tid against 0 to see whether a pthread_t is still valid because a dead thread gets its thread struct unmapped along with its stack, so the dereference isn't safe. Taking the affected functions one by one: * pthread_getcpuclockid and pthread_getschedparam/pthread_setschedparam should be fine. Unsafe calls to those seem highly unlikely. * Unsafe pthread_detach callers probably want to switch to pthread_attr_setdetachstate instead, or using pthread_detach(pthread_self()) from the new thread's start routine rather than doing the detach in the parent. * pthread_join calls should be safe anyway, because a joinable thread won't actually exit and unmap until it's joined. If you're joining an unjoinable thread, the fix is to stop marking it detached. If you're joining an already-joined thread, you need to rethink your design. * Unsafe pthread_kill calls aren't portably fixable. (And are obviously inherently non-portable as-is.) The best alternative on Android is to use pthread_gettid_np at some point that you know the thread to be alive, and then call kill/tgkill directly. That's still not completely safe because if you're too late, the tid may have been reused, but then your code is inherently unsafe anyway. If we find too much code is still broken, we can come back and disable the global thread list lookups for anything targeting >= O and then have another go at really removing this in P... Bug: http://b/19636317 Test: N6P boots, bionic tests pass Change-Id: Ia92641212f509344b99ee2a9bfab5383147fcba6
2017-01-04 23:12:54 +01:00
public:
Revert "Remove the global thread list." This reverts commit b0e8c565a622b5519e03d4416b0b5b1a5f20d7f5. Breaks swiftshader (http:/b/34883464). Change-Id: I7b21193ba8a78f07d7ac65e41d0fe8516940a83b
2017-02-02 03:41:38 +01:00
class pthread_internal_t* next;
class pthread_internal_t* prev;
Fix pthread_join. Let the kernel keep pthread_internal_t::tid updated, including across forks and for the main thread. This then lets us fix pthread_join to only return after the thread has really exited. Also fix the thread attributes of the main thread so we don't unmap the main thread's stack (which is really owned by the dynamic linker and contains things like environment variables), which fixes crashes when joining with an exited main thread and also fixes problems reported publicly with accessing environment variables after the main thread exits (for which I've added a new unit test). In passing I also fixed a bug where if the clone(2) inside pthread_create(3) fails, we'd unmap the child's stack and TLS (which contains the mutex) and then try to unlock the mutex. Boom! It wasn't until after I'd uploaded the fix for this that I came across a new public bug reporting this exact failure. Bug: 8206355 Bug: 11693195 Bug: https://code.google.com/p/android/issues/detail?id=57421 Bug: https://code.google.com/p/android/issues/detail?id=62392 Change-Id: I2af9cf6e8ae510a67256ad93cad891794ed0580b
2013-11-16 02:40:18 +01:00
pid_t tid;
Cache getpid. In practice, with this implementation we never need to make a system call. We get the main thread's tid (which is the same as our pid) back from the set_tid_address system call we have to make during initialization. A new pthread will have the same pid as its parent, and a fork child's main (and only) thread will have a pid equal to its tid, which we get for free from the kernel before clone returns. The only time we'd actually have to make a getpid system call now is if we take a signal during fork and the signal handler calls getpid. (That, or we call getpid in the dynamic linker while it's still dealing with its own relocations and hasn't even set up the main thread yet.) Bug: 15387103 Change-Id: I6d4718ed0a5c912fc75b5f738c49a023dbed5189
2014-06-20 01:39:01 +02:00
private:
pid_t cached_pid_;
public:
pid_t invalidate_cached_pid() {
pid_t old_value;
get_cached_pid(&old_value);
set_cached_pid(0);
return old_value;
}
void set_cached_pid(pid_t value) {
cached_pid_ = value;
}
bool get_cached_pid(pid_t* cached_pid) {
*cached_pid = cached_pid_;
return (*cached_pid != 0);
}
Fix pthread_join. Let the kernel keep pthread_internal_t::tid updated, including across forks and for the main thread. This then lets us fix pthread_join to only return after the thread has really exited. Also fix the thread attributes of the main thread so we don't unmap the main thread's stack (which is really owned by the dynamic linker and contains things like environment variables), which fixes crashes when joining with an exited main thread and also fixes problems reported publicly with accessing environment variables after the main thread exits (for which I've added a new unit test). In passing I also fixed a bug where if the clone(2) inside pthread_create(3) fails, we'd unmap the child's stack and TLS (which contains the mutex) and then try to unlock the mutex. Boom! It wasn't until after I'd uploaded the fix for this that I came across a new public bug reporting this exact failure. Bug: 8206355 Bug: 11693195 Bug: https://code.google.com/p/android/issues/detail?id=57421 Bug: https://code.google.com/p/android/issues/detail?id=62392 Change-Id: I2af9cf6e8ae510a67256ad93cad891794ed0580b
2013-11-16 02:40:18 +01:00
pthread_attr_t attr;
Make pthread join_state not protected by g_thread_list_lock. 1. Move the representation of thread join_state from pthread.attr.flag to pthread.join_state. This clarifies thread state change. 2. Use atomic operations for pthread.join_state. So we don't need to protect it by g_thread_list_lock. g_thread_list_lock will be reduced to only protect g_thread_list or even removed in further changes. Bug: 19636317 Change-Id: I31fb143a7c69508c7287307dd3b0776993ec0f43
2015-03-07 02:23:53 +01:00
_Atomic(ThreadJoinState) join_state;
Fix pthread_join. Let the kernel keep pthread_internal_t::tid updated, including across forks and for the main thread. This then lets us fix pthread_join to only return after the thread has really exited. Also fix the thread attributes of the main thread so we don't unmap the main thread's stack (which is really owned by the dynamic linker and contains things like environment variables), which fixes crashes when joining with an exited main thread and also fixes problems reported publicly with accessing environment variables after the main thread exits (for which I've added a new unit test). In passing I also fixed a bug where if the clone(2) inside pthread_create(3) fails, we'd unmap the child's stack and TLS (which contains the mutex) and then try to unlock the mutex. Boom! It wasn't until after I'd uploaded the fix for this that I came across a new public bug reporting this exact failure. Bug: 8206355 Bug: 11693195 Bug: https://code.google.com/p/android/issues/detail?id=57421 Bug: https://code.google.com/p/android/issues/detail?id=62392 Change-Id: I2af9cf6e8ae510a67256ad93cad891794ed0580b
2013-11-16 02:40:18 +01:00
__pthread_cleanup_t* cleanup_stack;
void* (*start_routine)(void*);
void* start_routine_arg;
void* return_value;
void* alternate_signal_stack;
bionic: Add shadow call stack guard region field to pthread_internal_t. Landing this change separately to the change that implements SCS because it needs to land at the same time as an internal change. This will simplify the situation in case SCS needs to be reverted again. Change-Id: Ibe18750829665b6dcf6e36628a5e5bbdd1a0dd4f Merged-In: Ibe18750829665b6dcf6e36628a5e5bbdd1a0dd4f
2018-11-07 23:48:29 +01:00
// The start address of the shadow call stack's guard region (arm64 only).
// This address is only used to deallocate the shadow call stack on thread
// exit; the address of the stack itself is stored only in the x18 register.
// Because the protection offered by SCS relies on the secrecy of the stack
// address, storing the address here weakens the protection, but only
// slightly, because it is relatively easy for an attacker to discover the
// address of the guard region anyway (e.g. it can be discovered by reference
// to other allocations), but not the stack itself, which is <0.1% of the size
// of the guard region.
//
// There are at least two other options for discovering the start address of
// the guard region on thread exit, but they are not as simple as storing in
// TLS.
// 1) Derive it from the value of the x18 register. This is only possible in
// processes that do not contain legacy code that might clobber x18,
// therefore each process must declare early during process startup whether
// it might load legacy code.
// 2) Mark the guard region as such using prctl(PR_SET_VMA_ANON_NAME) and
// discover its address by reading /proc/self/maps. One issue with this is
// that reading /proc/self/maps can race with allocations, so we may need
// code to handle retries.
void* shadow_call_stack_guard_region;
Use bionic lock in pthread_internal_t. It removes calling to pthread_mutex_lock() at the beginning of new thread, which helps to support thread sanitizer. Change-Id: Ia3601c476de7976a9177b792bd74bb200cee0e13
2015-10-23 05:07:56 +02:00
Lock startup_handshake_lock;
Revert "Revert "Lose the hand-written futex assembler."" The problem with the original patch was that using syscall(3) means that errno can be set, but pthread_create(3) was abusing the TLS errno slot as a pthread_mutex_t for the thread startup handshake. There was also a mistake in the check for syscall failures --- it should have checked against -1 instead of 0 (not just because that's the default idiom, but also here because futex(2) can legitimately return values > 0). This patch stops abusing the TLS errno slot and adds a pthread_mutex_t to pthread_internal_t instead. (Note that for LP64 sizeof(pthread_mutex_t) > sizeof(uintptr_t), so we could potentially clobber other TLS slots too.) I've also rewritten the LP32 compatibility stubs to directly reuse the code from the .h file. This reverts commit 75c55ff84ebfa686c7ae2cc8ee431c6a33bd46b4. Bug: 15195455 Change-Id: I6ffb13e5cf6a35d8f59f692d94192aae9ab4593d
2014-05-28 21:35:33 +02:00
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
void* mmap_base;
Remove PTHREAD_ATTR_FLAG_USER_ALLOCATED_STACK. Patch for https://android-review.googlesource.com/#/c/120844/. Change-Id: Idca5ccd7b28e8f07f1d2d1b6e3bba6781b62f0e0
2015-01-06 18:31:00 +01:00
size_t mmap_size;
Reserve enough user request stack space in pthread_create. Bug: 18830897 Change-Id: I1ba4aaeaf66a7ff99c5d82ad45469011171b0a3b
2014-12-23 04:17:33 +01:00
Don't use __thread in __cxa_thread_finalize(). Currently we use __thread variable to store thread_local_dtors, which makes tsan test fork_atexit.cc hang. The problem is as below: The main thread creates a worker thread, the worker thread calls pthread_exit() -> __cxa_thread_finalize() -> __emutls_get_address() -> pthread_once(emutls_init) -> emutls_init(). Then the main thread calls fork(), the child process cals exit() -> __cxa_thread_finalize() -> __emutls_get_address() -> pthread_once(emutls_init). So the child process is waiting for pthread_once(emutls_init) to finish which will never occur. It might be the test's fault because POSIX standard says if a multi-threaded process calls fork(), the new process may only execute async-signal-safe operations until exec functions are called. And exit() is not async-signal-safe. But we can make bionic more reliable by not using __thread in __cxa_thread_finalize(). Bug: 25392375 Change-Id: Ife403dd7379dad8ddf1859c348c1c0adea07afb3
2015-11-25 02:24:06 +01:00
thread_local_dtor* thread_local_dtors;
Fix pthread_join. Let the kernel keep pthread_internal_t::tid updated, including across forks and for the main thread. This then lets us fix pthread_join to only return after the thread has really exited. Also fix the thread attributes of the main thread so we don't unmap the main thread's stack (which is really owned by the dynamic linker and contains things like environment variables), which fixes crashes when joining with an exited main thread and also fixes problems reported publicly with accessing environment variables after the main thread exits (for which I've added a new unit test). In passing I also fixed a bug where if the clone(2) inside pthread_create(3) fails, we'd unmap the child's stack and TLS (which contains the mutex) and then try to unlock the mutex. Boom! It wasn't until after I'd uploaded the fix for this that I came across a new public bug reporting this exact failure. Bug: 8206355 Bug: 11693195 Bug: https://code.google.com/p/android/issues/detail?id=57421 Bug: https://code.google.com/p/android/issues/detail?id=62392 Change-Id: I2af9cf6e8ae510a67256ad93cad891794ed0580b
2013-11-16 02:40:18 +01:00
/*
* The dynamic linker implements dlerror(3), which makes it hard for us to implement this
* per-thread buffer by simply using malloc(3) and free(3).
*/
Move dlerror out of a TLS slot and into a pthread_internal_t member. Bug: N/A Test: boots, tests pass. Change-Id: Idf25d2ee457a5d26d0bdd6281cee72c345c8b755
2018-11-14 00:30:07 +01:00
char* current_dlerror;
Make dlerror(3) thread-safe. I gave up trying to use the usual thread-local buffer idiom; calls to calloc(3) and free(3) from any of the "dl" functions -- which live in the dynamic linker -- end up resolving to the dynamic linker's stubs. I tried to work around that, but was just making things more complicated. This alternative costs us a well-known TLS slot (instead of the dynamically-allocated TLS slot we'd have used otherwise, so no difference there), plus an extra buffer inside every pthread_internal_t. Bug: 5404023 Change-Id: Ie9614edd05b6d1eeaf7bf9172792d616c6361767
2012-10-17 00:54:46 +02:00
#define __BIONIC_DLERROR_BUFFER_SIZE 512
Fix pthread_join. Let the kernel keep pthread_internal_t::tid updated, including across forks and for the main thread. This then lets us fix pthread_join to only return after the thread has really exited. Also fix the thread attributes of the main thread so we don't unmap the main thread's stack (which is really owned by the dynamic linker and contains things like environment variables), which fixes crashes when joining with an exited main thread and also fixes problems reported publicly with accessing environment variables after the main thread exits (for which I've added a new unit test). In passing I also fixed a bug where if the clone(2) inside pthread_create(3) fails, we'd unmap the child's stack and TLS (which contains the mutex) and then try to unlock the mutex. Boom! It wasn't until after I'd uploaded the fix for this that I came across a new public bug reporting this exact failure. Bug: 8206355 Bug: 11693195 Bug: https://code.google.com/p/android/issues/detail?id=57421 Bug: https://code.google.com/p/android/issues/detail?id=62392 Change-Id: I2af9cf6e8ae510a67256ad93cad891794ed0580b
2013-11-16 02:40:18 +01:00
char dlerror_buffer[__BIONIC_DLERROR_BUFFER_SIZE];
Allocate thread local buffers in __init_tls. Thread local buffers were using pthread_setspecific for storage with lazy initialization. pthread_setspecific shares TLS slots between the linker and libc.so, so thread local buffers being initialized in a different order between libc.so and the linker meant that bad things would happen (manifesting as snprintf not working because the locale was mangled) Bug: http://b/20464031 Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests everything passes Test: /data/nativetest/bionic-unit-tests/bionic-unit-tests thread_local tests are failing both before and after (KUSER_HELPERS?) Test: /data/nativetest64/bionic-unit-tests-static/bionic-unit-tests-static no additional failures Change-Id: I9f445a77c6e86979f3fa49c4a5feecf6ec2b0c3f
2017-02-22 21:19:05 +01:00
bionic_tls* bionic_tls;
Move Bionic slots to the end of pthread_internal_t With ELF TLS, the static linker assumes that an executable's TLS segment is at a known offset from the thread pointer (i.e. __get_tls()). The segment can be located prior to the TP (variant 2, x86[_64], sparc) or after it (variant 1, arm{32,64}, ppc, mips, ia64, riscv). We can't make our pthread_internal_t exactly follow the ordinary arm64 ABI (at least) because TP[5] is used for clang's -fstack-protector on Android. Instead, reserve extra space after the TP (up to 16 words), which will be followed by the executable's TLS segment. Bug: http://b/78026329 Test: boot device, bionic unit tests Change-Id: I0f3b270b793f9872ba0effeac03f4dec364438d6 Merged-In: I0f3b270b793f9872ba0effeac03f4dec364438d6 (cherry picked from commit f397317e96928ef24b980d5c73d08829c0e70cd4)
2018-10-20 05:35:23 +02:00
Move errno to a pthread_internal_t field. This change is intended to allow native-bridge to use independent TLS memory for host and guest environments, while still sharing a thread-local errno between the two. Bug: http://b/78026329 Test: bionic unit tests Change-Id: I838cd321e159add60760bc12a8aa7e9ddc960c33 Merged-In: I838cd321e159add60760bc12a8aa7e9ddc960c33 (cherry picked from commit a9c7c55462392a6b974761831744f6d80ca162df)
2018-12-07 10:47:00 +01:00
int errno_value;
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
};
Move errno to a pthread_internal_t field. This change is intended to allow native-bridge to use independent TLS memory for host and guest environments, while still sharing a thread-local errno between the two. Bug: http://b/78026329 Test: bionic unit tests Change-Id: I838cd321e159add60760bc12a8aa7e9ddc960c33 Merged-In: I838cd321e159add60760bc12a8aa7e9ddc960c33 (cherry picked from commit a9c7c55462392a6b974761831744f6d80ca162df)
2018-12-07 10:47:00 +01:00
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
struct ThreadMapping {
char* mmap_base;
size_t mmap_size;
Reverse two pthread_internal_t fields The golang runtime currently expects to find the pthread key data after the tls slots. Bug: http://b/78026329 Bug: http://b/118381796 Test: run a golang-based app, bionic unit tests Change-Id: Idc777d809b803093e1c81d9a2ce4eafcc7d61f8d Merged-In: Idc777d809b803093e1c81d9a2ce4eafcc7d61f8d (cherry picked from commit a2c30723dac6b570247ac1bc7190850616f4db93)
2018-10-30 00:31:51 +01:00
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
char* static_tls;
char* stack_base;
char* stack_top;
Fix alignment error for pthread_internal_t/pthread stack. aligned attribute can only control compiler's behavior, but we are manually allocating pthread_internal_t. So we need to make sure of alignment manually. Change-Id: Iea4c46eadf10dfd15dc955c5f41cf6063cfd8536
2015-03-20 18:58:04 +01:00
};
auto import from //depot/cupcake/@135843
2009-03-04 04:28:35 +01:00
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
__LIBC_HIDDEN__ void __init_tcb(bionic_tcb* tcb, pthread_internal_t* thread);
__LIBC_HIDDEN__ void __init_tcb_stack_guard(bionic_tcb* tcb);
Implement dynamic TLS accesses and allocation Initialize a thread's DTV to an empty zeroed DTV. Allocate the DTV and any ELF module's TLS segment on-demand in __tls_get_addr. Use a generation counter, incremented in the linker, to signal when threads should update/reallocate their DTV objects. A generation count of 0 always indicates the constant zero DTV. Once a DTV is allocated, it isn't freed until the thread exits, because a signal handler could interrupt the fast path of __tls_get_addr between accessing the DTV slot and reading a field of the DTV. Bionic keeps a linked list of DTV objects so it can free them at thread-exit. Dynamic TLS memory is allocated using a BionicAllocator instance in libc_shared_globals. For async-signal safety, access to the linker/libc-shared state is protected by first blocking signals, then by acquiring the reader-writer lock, TlsModules::rwlock. A write lock is needed to allocate or free memory. In pthread_exit, unconditionally block signals before freeing dynamic TLS memory or freeing the shadow call stack. ndk_cruft.cpp: Avoid including pthread_internal.h inside an extern "C". (The header now includes a C++ template that doesn't compile inside extern "C".) Bug: http://b/78026329 Bug: http://b/123094171 Test: bionic unit tests Change-Id: I3c9b12921c9e68b33dcc1d1dd276bff364eff5d7
2019-01-18 10:00:59 +01:00
__LIBC_HIDDEN__ void __init_tcb_dtv(bionic_tcb* tcb);
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
__LIBC_HIDDEN__ void __init_bionic_tls_ptrs(bionic_tcb* tcb, bionic_tls* tls);
__LIBC_HIDDEN__ bionic_tls* __allocate_temp_bionic_tls();
__LIBC_HIDDEN__ void __free_temp_bionic_tls(bionic_tls* tls);
bionic: Allocate a shadow call stack for each thread. Instead of allocating the stack within a 16MB guard region as we were doing before, just allocate the stack on its own. This isn't as secure as with the guard region (since it means that an attacker who can read the pthread_internal_t can determine the address of the SCS), but it will at least allow us to discover more blockers until a solution to b/118642754 is decided on. Bug: 112907825 Bug: 118642754 Change-Id: Ibe5dffbad1b4700eaa0e24177eea792e7c329a61
2018-09-07 07:20:44 +02:00
__LIBC_HIDDEN__ void __init_additional_stacks(pthread_internal_t*);
Split main thread init into early+late functions Split __libc_init_main_thread into __libc_init_main_thread_early and __libc_init_main_thread_late. The early function is called very early in the startup of the dynamic linker and static executables. It initializes the global auxv pointer and enough TLS memory to do system calls, access errno, and run -fstack-protector code (but with a zero cookie because the code for generating a cookie is complex). After the linker is relocated, __libc_init_main_thread_late finishes thread initialization. Bug: none Test: bionic unit tests Change-Id: I6fcd8d7587a380f8bd649c817b40a3a6cc1d2ee0 Merged-In: I6fcd8d7587a380f8bd649c817b40a3a6cc1d2ee0 (cherry picked from commit 39bc44bb0e03514e8d92f8c0ceb0b5901e27a485)
2018-11-22 11:44:09 +01:00
__LIBC_HIDDEN__ int __init_thread(pthread_internal_t* thread);
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
__LIBC_HIDDEN__ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_size);
Add pthread_gettid_np and re-expose __get_thread for LP32. A lot of third-party code calls the private __get_thread symbol, often as part of a backport of bionic's pthread_rwlock implementation. Hopefully this will go away for LP64 (since you're guaranteed the real implementation there), but there are still APIs that take a tid and no way to convert between a pthread_t and a tid. pthread_gettid_np is a public API for that. To aid the transition, make __get_thread available again for LP32. (cherry-pick of 27efc48814b8153c55cbcd0af5d9add824816e69.) Bug: 14079438 Change-Id: I43fabc7f1918250d31d4665ffa4ca352d0dbeac1
2014-09-12 01:11:43 +02:00
Pass caller names to __pthread_internal_find for better errors. On http://b/122082295 we had this abort: 12-27 15:29:31.237 10222 10814 10848 F libc : invalid pthread_t 0xb1907960 passed to libc This wasn't super helpful. We can do better. Now you get something like this instead: 03-27 02:34:58.754 25329 25329 W libc : invalid pthread_t (0) passed to pthread_join Test: adb shell crasher Bug: http://b/123255692 Change-Id: I1d545665a233308480cc3747ec3120e2b6de0453
2019-02-02 01:31:10 +01:00
__LIBC_HIDDEN__ pthread_t __pthread_internal_add(pthread_internal_t* thread);
__LIBC_HIDDEN__ pthread_internal_t* __pthread_internal_find(pthread_t pthread_id, const char* caller);
__LIBC_HIDDEN__ pid_t __pthread_internal_gettid(pthread_t pthread_id, const char* caller);
__LIBC_HIDDEN__ void __pthread_internal_remove(pthread_internal_t* thread);
__LIBC_HIDDEN__ void __pthread_internal_remove_and_free(pthread_internal_t* thread);
Revert "Remove the global thread list." This reverts commit b0e8c565a622b5519e03d4416b0b5b1a5f20d7f5. Breaks swiftshader (http:/b/34883464). Change-Id: I7b21193ba8a78f07d7ac65e41d0fe8516940a83b
2017-02-02 03:41:38 +01:00
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
static inline __always_inline bionic_tcb* __get_bionic_tcb() {
return reinterpret_cast<bionic_tcb*>(&__get_tls()[MIN_TLS_SLOT]);
}
Make __get_thread inlined. Bug: 19825434 Change-Id: Ifb672a45a5776b83625a25654ed0d6f7fc368ae3
2015-03-18 22:14:02 +01:00
// Make __get_thread() inlined for performance reason. See http://b/19825434.
static inline __always_inline pthread_internal_t* __get_thread() {
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
return static_cast<pthread_internal_t*>(__get_tls()[TLS_SLOT_THREAD_ID]);
Make __get_thread inlined. Bug: 19825434 Change-Id: Ifb672a45a5776b83625a25654ed0d6f7fc368ae3
2015-03-18 22:14:02 +01:00
}
auto import from //depot/cupcake/@135843
2009-03-04 04:28:35 +01:00
Allocate thread local buffers in __init_tls. Thread local buffers were using pthread_setspecific for storage with lazy initialization. pthread_setspecific shares TLS slots between the linker and libc.so, so thread local buffers being initialized in a different order between libc.so and the linker meant that bad things would happen (manifesting as snprintf not working because the locale was mangled) Bug: http://b/20464031 Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests everything passes Test: /data/nativetest/bionic-unit-tests/bionic-unit-tests thread_local tests are failing both before and after (KUSER_HELPERS?) Test: /data/nativetest64/bionic-unit-tests-static/bionic-unit-tests-static no additional failures Change-Id: I9f445a77c6e86979f3fa49c4a5feecf6ec2b0c3f
2017-02-22 21:19:05 +01:00
static inline __always_inline bionic_tls& __get_bionic_tls() {
Reorganize static TLS memory for ELF TLS For ELF TLS "local-exec" accesses, the static linker assumes that an executable's TLS segment is located at a statically-known offset from the thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86). Because these layouts are incompatible, Bionic generally needs to allocate its TLS slots differently between different architectures. To allow per-architecture TLS slots: - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are generally negative, while new x86 slots are generally positive. - Define a bionic_tcb struct that provides two things: - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field - an inline accessor function: void*& tls_slot(size_t tpindex); For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots), because the runtime linker doesn't know how large the static TLS area is until after it has loaded all of the initial solibs. To accommodate Golang, it's necessary to allocate the pthread keys at a fixed, small, positive offset from the thread pointer. This CL moves the pthread keys into bionic_tls, then allocates a single mapping per thread that looks like so: - stack guard - stack [omitted for main thread and with pthread_attr_setstack] - static TLS: - bionic_tcb [exec TLS will either precede or succeed the TCB] - bionic_tls [prefixed by the pthread keys] - [solib TLS segments will be placed here] - guard page As before, if the new mapping includes a stack, the pthread_internal_t is allocated on it. At startup, Bionic allocates a temporary bionic_tcb object on the stack, then allocates a temporary bionic_tls object using mmap. This mmap is delayed because the linker can't currently call async_safe_fatal() before relocating itself. Later, Bionic allocates a stack-less thread mapping for the main thread, and copies slots from the temporary TCB to the new TCB. (See *::copy_from_bootstrap methods.) Bug: http://b/78026329 Test: bionic unit tests Test: verify that a Golang app still works Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3 (cherry picked from commit 1e660b70da625fcbf1e43dfae09b7b4817fa1660)
2019-01-03 11:51:30 +01:00
return *static_cast<bionic_tls*>(__get_tls()[TLS_SLOT_BIONIC_TLS]);
Allocate thread local buffers in __init_tls. Thread local buffers were using pthread_setspecific for storage with lazy initialization. pthread_setspecific shares TLS slots between the linker and libc.so, so thread local buffers being initialized in a different order between libc.so and the linker meant that bad things would happen (manifesting as snprintf not working because the locale was mangled) Bug: http://b/20464031 Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests everything passes Test: /data/nativetest/bionic-unit-tests/bionic-unit-tests thread_local tests are failing both before and after (KUSER_HELPERS?) Test: /data/nativetest64/bionic-unit-tests-static/bionic-unit-tests-static no additional failures Change-Id: I9f445a77c6e86979f3fa49c4a5feecf6ec2b0c3f
2017-02-22 21:19:05 +01:00
}
Implement dynamic TLS accesses and allocation Initialize a thread's DTV to an empty zeroed DTV. Allocate the DTV and any ELF module's TLS segment on-demand in __tls_get_addr. Use a generation counter, incremented in the linker, to signal when threads should update/reallocate their DTV objects. A generation count of 0 always indicates the constant zero DTV. Once a DTV is allocated, it isn't freed until the thread exits, because a signal handler could interrupt the fast path of __tls_get_addr between accessing the DTV slot and reading a field of the DTV. Bionic keeps a linked list of DTV objects so it can free them at thread-exit. Dynamic TLS memory is allocated using a BionicAllocator instance in libc_shared_globals. For async-signal safety, access to the linker/libc-shared state is protected by first blocking signals, then by acquiring the reader-writer lock, TlsModules::rwlock. A write lock is needed to allocate or free memory. In pthread_exit, unconditionally block signals before freeing dynamic TLS memory or freeing the shadow call stack. ndk_cruft.cpp: Avoid including pthread_internal.h inside an extern "C". (The header now includes a C++ template that doesn't compile inside extern "C".) Bug: http://b/78026329 Bug: http://b/123094171 Test: bionic unit tests Change-Id: I3c9b12921c9e68b33dcc1d1dd276bff364eff5d7
2019-01-18 10:00:59 +01:00
static inline __always_inline TlsDtv* __get_tcb_dtv(bionic_tcb* tcb) {
uintptr_t dtv_slot = reinterpret_cast<uintptr_t>(tcb->tls_slot(TLS_SLOT_DTV));
return reinterpret_cast<TlsDtv*>(dtv_slot - offsetof(TlsDtv, generation));
}
static inline void __set_tcb_dtv(bionic_tcb* tcb, TlsDtv* val) {
tcb->tls_slot(TLS_SLOT_DTV) = &val->generation;
}
[hwasan] Tweak process and thread initialization. Make sure that TLS_SLOT_TSAN is always available and correctly set up in HWASan-instrumented functions by setting up the tls register and running hwasan initialization (__hwasan_init in the main thread and __hwasan_thread_enter in secondary) early enough. This is needed to accomodate a change in HWASan: https://reviews.llvm.org/D52249 Bug: 112438058 Test: boot with SANITIZE_TARGET=hwaddress, run bionic-tests Change-Id: Icd909a4ea0da6c6c1095522bcc28debef5f2c63d
2018-09-20 01:29:12 +02:00
extern "C" __LIBC_HIDDEN__ int __set_tls(void* ptr);
Revert "Revert "Pull the pthread_key_t functions out of pthread.c."" This reverts commit 6260553d48f6fd87ca220270bea8bafdde5726ec (Removing the accidental libm/Android.mk change.) Change-Id: I6cddd9857c31facc05636e8221505b3d2344cb75
2013-02-11 21:18:47 +01:00
__LIBC_HIDDEN__ void pthread_key_clean_all(void);
Support larger guard regions. This also fixes a long-standing bug where the guard region would be taken out of the stack itself, rather than being -- as POSIX demands -- additional space after the stack. Historically a 128KiB stack with a 256KiB guard would have given you an immediate crash. Bug: http://b/38413813 Test: builds, boots Change-Id: Idd12a3899be1d92fea3d3e0fa6882ca2216bd79c
2017-06-28 02:01:57 +02:00
// Address space is precious on LP32, so use the minimum unit: one page.
// On LP64, we could use more but there's no obvious advantage to doing
// so, and the various media processes use RLIMIT_AS as a way to limit
// the amount of allocation they'll do.
#define PTHREAD_GUARD_SIZE PAGE_SIZE
// SIGSTKSZ (8KiB) is not big enough.
// An snprintf to a stack buffer of size PATH_MAX consumes ~7KiB of stack.
Increase the size of the signal stack on 64-bit. The signal stack is sufficiently large for a single invocation of the signal handler, but in cases where the signal handler needs to recurse, (e.g. if our address space is limited by RLIMIT_AS), it's too small for us to get to the part where we recognize that we've recursed and bail out. Bug: http://b/118772392 Test: /data/nativetest64/debuggerd_test/debuggerd_test64 --gtest_filter=CrasherTest.seccomp_crash_oom Change-Id: Ic7a2cf8b01b3f7ea7f4a2318a3ec22a0c3649da6
2018-11-06 23:47:27 +01:00
// On 64-bit, logging uses more than 8KiB by itself, ucontext is comically
// large on aarch64, and we have effectively infinite address space, so double
// the signal stack size.
#if defined(__LP64__)
#define SIGNAL_STACK_SIZE_WITHOUT_GUARD (32 * 1024)
#else
Support larger guard regions. This also fixes a long-standing bug where the guard region would be taken out of the stack itself, rather than being -- as POSIX demands -- additional space after the stack. Historically a 128KiB stack with a 256KiB guard would have given you an immediate crash. Bug: http://b/38413813 Test: builds, boots Change-Id: Idd12a3899be1d92fea3d3e0fa6882ca2216bd79c
2017-06-28 02:01:57 +02:00
#define SIGNAL_STACK_SIZE_WITHOUT_GUARD (16 * 1024)
Increase the size of the signal stack on 64-bit. The signal stack is sufficiently large for a single invocation of the signal handler, but in cases where the signal handler needs to recurse, (e.g. if our address space is limited by RLIMIT_AS), it's too small for us to get to the part where we recognize that we've recursed and bail out. Bug: http://b/118772392 Test: /data/nativetest64/debuggerd_test/debuggerd_test64 --gtest_filter=CrasherTest.seccomp_crash_oom Change-Id: Ic7a2cf8b01b3f7ea7f4a2318a3ec22a0c3649da6
2018-11-06 23:47:27 +01:00
#endif
Format code to calculate thread stack and signal stack. The code to calculate thread stack and signal stack looks weird: the thread stack size and signal stack size are related with each other on 32-bit mode, but not on 64-bit mode. So change the code to make the logic more resonable. This doesn't change anything as we have defined SIGSTKSZ to 16K on arm64. Bug: 28005110 Change-Id: I04d2488cfb96ee7e2d894d062c66cef950fec418
2016-03-31 02:48:50 +02:00
Support larger guard regions. This also fixes a long-standing bug where the guard region would be taken out of the stack itself, rather than being -- as POSIX demands -- additional space after the stack. Historically a 128KiB stack with a 256KiB guard would have given you an immediate crash. Bug: http://b/38413813 Test: builds, boots Change-Id: Idd12a3899be1d92fea3d3e0fa6882ca2216bd79c
2017-06-28 02:01:57 +02:00
// Traditionally we gave threads a 1MiB stack. When we started
// allocating per-thread alternate signal stacks to ease debugging of
// stack overflows, we subtracted the same amount we were using there
// from the default thread stack size. This should keep memory usage
// roughly constant.
#define PTHREAD_STACK_SIZE_DEFAULT ((1 * 1024 * 1024) - SIGNAL_STACK_SIZE_WITHOUT_GUARD)
Simplify main thread stack size initialization Change-Id: Iec09433d9de501031cce09dc75848a5e8f3d96bf
2013-09-14 01:34:43 +02:00
Increase alternative signal stack size on 64-bit devices. Bug: 23041777 Bug: 24187462 Change-Id: I7d84c0cc775a74753a3e8e101169c0fb5dbf7437
2015-09-22 20:16:15 +02:00
// Leave room for a guard page in the internally created signal stacks.
Support larger guard regions. This also fixes a long-standing bug where the guard region would be taken out of the stack itself, rather than being -- as POSIX demands -- additional space after the stack. Historically a 128KiB stack with a 256KiB guard would have given you an immediate crash. Bug: http://b/38413813 Test: builds, boots Change-Id: Idd12a3899be1d92fea3d3e0fa6882ca2216bd79c
2017-06-28 02:01:57 +02:00
#define SIGNAL_STACK_SIZE (SIGNAL_STACK_SIZE_WITHOUT_GUARD + PTHREAD_GUARD_SIZE)
Revert "Revert "add guard pages to the internal signal stacks"" This reverts commit a3125fd1396a09a7fc4872dc4653f342150a3deb. And Fix the prctl() problem that cause system crash. Change-Id: Icc8d12d848cfba881a7984ca2827fd81be41f9fd
2015-03-31 05:03:57 +02:00
Support larger guard regions. This also fixes a long-standing bug where the guard region would be taken out of the stack itself, rather than being -- as POSIX demands -- additional space after the stack. Historically a 128KiB stack with a 256KiB guard would have given you an immediate crash. Bug: http://b/38413813 Test: builds, boots Change-Id: Idd12a3899be1d92fea3d3e0fa6882ca2216bd79c
2017-06-28 02:01:57 +02:00
// Needed by fork.
<pthread.h> fixes and pthread cleanup. <pthread.h> was missing nonnull attributes, noreturn on pthread_exit, and had incorrect cv qualifiers for several standard functions. I've also marked the non-standard stuff (where I count glibc rather than POSIX as "standard") so we can revisit this cruft for LP64 and try to ensure we're compatible with glibc. I've also broken out the pthread_cond* functions into a new file. I've made the remaining pthread files (plus ptrace) part of the bionic code and fixed all the warnings. I've added a few more smoke tests for chunks of untested pthread functionality. We no longer need the libc_static_common_src_files hack for any of the pthread implementation because we long since stripped out the rest of the armv5 support, and this hack was just to ensure that __get_tls in libc.a went via the kernel if necessary. This patch also finishes the job of breaking up the pthread.c monolith, and adds a handful of new tests. Change-Id: Idc0ae7f5d8aa65989598acd4c01a874fe21582c7
2013-10-30 22:40:09 +01:00
__LIBC_HIDDEN__ extern void __bionic_atfork_run_prepare();
__LIBC_HIDDEN__ extern void __bionic_atfork_run_child();
__LIBC_HIDDEN__ extern void __bionic_atfork_run_parent();
Reference in a new issue Copy permalink