Commit graph

2768 commits

Author SHA1 Message Date
Josh Gao
143e2ae807 fdtrack: add wrappers for epoll_create, epoll_create1.
Bug: https://issuetracker.google.com/154450436
Test: bionic-unit-tests
Change-Id: I6c881e5d67596c543526536541d5b8086e21d9e9
(cherry picked from commit a38331d833)
2020-04-29 18:55:01 -07:00
Josh Gao
9c3b21135b fdtrack: add wrappers for pipe, pipe2.
Bug: https://issuetracker.google.com/154450436
Test: bionic-unit-tests
Change-Id: I66826f312a65ab9f1bd8193bf684e330baa952dc
(cherry picked from commit 1fad5283a0)
2020-04-29 18:55:01 -07:00
Josh Gao
7ac2e9476a fdtrack: add tests for individual wrappers.
Add tests for all of our existing wrappers (with one commented out,
because it's unexpectedly generating multiple events).

Bug: https://issuetracker.google.com/154450436
Test: bionic-unit-tests
Change-Id: I552692aef952237c2eee0dabec61b7ea7fd230e3
(cherry picked from commit 9d512402d4)
2020-04-29 18:55:01 -07:00
Florian Mayer
5e0d80b3ec dynamic libc: ignore ART profiling signal by default.
This solves the issue that targeting non-profilable apps crashed them.
There is still a race condition between starting the app and the SIG_IGN
being installed, but that will be fixed in follow-ups.

This also does not cover programs that statically link libc, but those are
rare.

This might be reverted if we find a more general solution to
b/151835887.

Bug: 151328035
Test: java profile sysui, doesn't crash
Test: atest CtsBionicTestCases

This is a cherry-pick of 96272df35c

Change-Id: I6b99352ed50afe15a609f7ddb85312c2676ddf11
Merged-In: I6b99352ed50afe15a609f7ddb85312c2676ddf11
2020-03-30 10:17:45 +01:00
Ryan Prichard
58cbfd9e7a Rewrite __cxa_atexit / __cxa_finalize
Simplify:
 - Use a single memory-mapped region to hold the table of destructors.
   Double its capacity each time it is expanded.
 - Add a recompaction pass at the end of __cxa_finalize that shifts
   entries forward and uses madvise to clean pages.

Bug: http://b/148055738
Test: bionic-unit-tests
Change-Id: Ieb9da2b88640a8a5277d217b43826b5b7e246781
(cherry picked from commit afa983c8d4)
2020-03-09 14:23:24 -07:00
Elliott Hughes
2891f3e0e4 Add a libc wrapper for statx(2).
Bug: http://b/127675384
Bug: http://b/146676114
Test: treehugger
Change-Id: I844edc12f62717e579870a040cf03dfe60dc280b
(cherry picked from commit 733cedd1c4)
2020-02-25 10:44:52 -08:00
Peter Collingbourne
45819dde10 Allow android_mallopt(M_SET_HEAP_TAGGING_LEVEL) to control scudo heap tagging.
The tag level may now be async, which is now the default. When the tag level
is set to none, memory tagging is disabled in the allocator using the new
API proposed in https://reviews.llvm.org/D70762 .

Bug: 135772972
Change-Id: I847f5822a70913c446ed9ffa13792177bbfc96af
2020-02-20 15:25:08 -08:00
Peter Collingbourne
c8cef93f24 Allow nested usage of ScopedDisableMTE.
An upcoming change to scudo will cause us to start calling
android_unsafe_frame_pointer_chase() from within the allocator. Since this
function uses ScopedDisableMTE, this would otherwise make it unsafe to use
the allocator from within ScopedDisableMTE. This seems like an unreasonable
restriction, so make ScopedDisableMTE save the PSTATE.TCO state in the
constructor and restore it in the destructor.

Bug: 135772972
Change-Id: I47e18d5fb2929efd5a58676488180cd85731007b
2020-02-18 13:13:57 -08:00
Ivan Lozano
c65b55cded Merge "Remove XOM properties."
2020-02-14 14:42:49 +00:00
Ivan Lozano
3e928edc77 Remove XOM properties.
XOM is no longer supported by the build system, so remove these
properties.

Bug: 123034666
Bug: 147300048
Test: Build succeeds.
Change-Id: I77efc98241f45b1a78b1cca5560f64eef5ef22f4
2020-02-13 14:20:44 -05:00
Elliott Hughes
6a65ccdf52 Remove mips test workarounds.
The mips/mips64 targets were never able to pass these tests, and the
supported architectures don't need any of these workarounds.

Test: treehugger
Change-Id: I640a8b7a98ae13d9d9cdb09b0fbef61d31d4c79a
2020-02-13 09:48:14 -08:00
Christopher Ferris
cce88c0a03 Update malloc_info test for scudo.
Scudo implemented malloc_info for the primary allocator, so add some
small amount of validation.

Test: Ran the malloc_info tests and verified they pass.
Change-Id: Ib7c609e46cc1ed73fa5c042df92fa9b568880f21
2020-02-12 17:41:01 -08:00
Mitch Phillips
242387d0cf [GWP-ASan] [malloc-tests] Scan GWP-ASan regions in maps.
GWP-ASan is part of the native allocator, and may allocate some memory.
When GWP-ASan is enabled, the malloc tests need to look inside of
GWP-ASan regions as well for native allocations.

Bug: 135634846
Test: atest bionic-unit-tests
Change-Id: Ibb78f9c9e7e96a437cffce013facd18708799b0e
2020-02-11 16:08:17 -08:00
Mitch Phillips
892d0286c4 [Elf TLS] [GWP-ASan] Update ELF TLS test.
GWP-ASan introduces two Initial-Exec thread-local variables into
libc.so. This causes the ELF TLS test to understandably fail, and needs
to be patched up.

Bug: 148606979
Test: atest bionic-unit-test
Change-Id: I77500a00edb55cb7bcd3cd3faffb76d2339ab42c
2020-02-07 01:40:05 +00:00
Ryan Prichard
f7c40da307 Merge changes from topic "import-lib-access"
* changes:
  Ignore symbols of imported libs' dependencies
  Comment two linker namespace functions
  Rename dlsym_handle_lookup:6 to dlsym_handle_lookup_impl
2020-02-04 21:46:15 +00:00
Ryan Prichard
22fa3dde07 Ignore symbols of imported libs' dependencies
When a library is present in a namespace via the secondary_namespaces
list (i.e. the executable, LD_PRELOAD, DF_1_GLOBAL, or
android_create_namespace inheritance), then we want to search that
library's symbols, but not the symbols of its dependencies. Otherwise,
we want to search the dependencies to handle cross-NS dependency.

Bug: http://b/148569846
Test: bionic unit tests
Change-Id: If798d69de28ed5c0f1a155e4ff85c7e08934e531
2020-02-03 14:20:40 -08:00
Peter Collingbourne
5f45c18a7f Add an android_unsafe_frame_pointer_chase function.
This function will be used by Scudo and GWP-ASan to efficiently collect
stack traces for frames built with frame pointers.

Bug: 135634846
Bug: 135772972
Change-Id: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
Merged-In: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
2020-02-03 10:30:45 -08:00
Peter Collingbourne
4fe5b783a4 Merge "Add some MTE-related helpers."
2020-01-31 00:00:44 +00:00
Josh Gao
7596250722 Move fdtrack APIs to LLNDK.
Test: logcat -c; fdtrack_test; logcat -d
Change-Id: Ib6f75a7c8bbc4d6efa0708dcbbfe4ad3c0641022
2020-01-30 13:55:10 -08:00
Josh Gao
97271920bf Add a tool to track down fd leaks.
Add a hook that's called upon file descriptor creation to libc, and a
library that uses it to capture backtraces for file descriptor creation,
to make it easier to hunt down file descriptor leaks.

Currently, this doesn't capture all of the ways of creating a file
descriptor, but completeness isn't required for this to be useful as
long as leaked file descriptors are created with a function that is
tracked. The primary unhandled case is binder, which receives file
descriptors as a payload in a not-trivially-parsable byte blob, but
there's a chance that the leak we're currently trying to track down
isn't of a file descriptor received over binder, so leave that for
later.

Bug: http://b/140703823
Test: manual
Change-Id: I308a14c2e234cdba4207157b634ab6b8bc539dd9
(cherry picked from commit b7eccd4b15)
2020-01-30 13:55:10 -08:00
Peter Collingbourne
6f1fd68817 Add some MTE-related helpers.
mte_supported() lets code efficiently detect the presence of MTE, and
ScopedDisableMTE lets code disable MTE RAII-style in a particular region
of code.

Bug: 135772972
Change-Id: I628a054b50d79f67f39f35d44232b7a2ae166afb
2020-01-30 10:56:50 -08:00
Elliott Hughes
09e77f35ab _FILE_OFFSET_BITS=64 support for fcntl.
On Android, fcntl is always implemented by fcntl64(2). This means that
an LP32 binary can `fcntl(F_SETLK, struct flock)` (because fcntl64(2)
passes through to the 32-bit fcntl(2) to handle F_SETLK), and it can
also `fcntl(F_SETLK64, struct flock64)`. What it can't do before this
patch is set _FILE_OFFSET_BITS=64 and then `fcntl(F_SETLK, struct
flock)` where that `struct flock` is actually implicitly `struct
flock64`.

Move the kernel uapi structs out of the way, define them ourselves based
on __LP64__ and _FILE_OFFSET_BITS, and fix up the relevant F_ constants.

(Also add a .clang-format to turn off clang-format in libc/include/.)

Bug: N/A
Test: treehugger (and strace!)
Change-Id: Iccd6c83d9133e1efcf93a7b49a6ae0f1bbd3d58b
2020-01-29 19:36:14 -08:00
Christopher Ferris
201dcf491b Add a disabled test to verify alloc after fork.
The alloc after fork is a test that should pass, but jemalloc
doesn't right now. Leave the test disabled until the native
allocator can pass this.

Test: Ran the test 1000 times on glibc to verify it passes.
Test: On device, verified it does not run.
Change-Id: I482af4db2fee81c947ac081c7a6f25a2aff80350
2020-01-29 14:40:37 -08:00
Elliott Hughes
35a09a3493 Merge "Test all four supported relocation encodings."
2020-01-29 16:44:20 +00:00
Elliott Hughes
6dd1f587c8 Test all four supported relocation encodings.
Test (a) that we can load the library, but also (b) that readelf thinks
it contains the relocation encoding we were expecting. Do this for all
four of RELR, ANDROID_RELR, relocation packer, and the original ELF
relocation encoding.

Bug: http://b/147452927
Test: treehugger
Change-Id: I5fab72f99d46991c1b206a1c15c76e185b7148b3
2020-01-28 17:59:23 -08:00
Christopher Ferris
ee12e47788 Merge "Use platform signal name."
2020-01-28 20:26:47 +00:00
Elliott Hughes
1d8f6f2f5d Merge "Modernize SHT_RELR support."
2020-01-27 18:10:13 +00:00
Christopher Ferris
b874c339cd Use platform signal name.
Test: Compiles and test passes.
Change-Id: I8d19431ded97f5a8e7baa0c85b9496eddd36a25a
2020-01-27 09:36:34 -08:00
Elliott Hughes
6663f5525d Modernize SHT_RELR support.
Until now we've only supported RELR with our own OS-private-use
constants. Add support for the official numbers (while maintaining
support for the historical numbers).

Add tests to ensure we continue to support both indefinitely.

We can't yet flip the build system over to using the official constants
because the old GNU binutils objcopy we still use in most cases (for the
mini-debug section) only supports the historical constants.

Bug: http://b/147452927
Test: treehugger
Change-Id: If214fce7fade4316115947e90b78ab40864b61f2
2020-01-24 15:39:01 -08:00
Chih-Hung Hsieh
7d66bf9d90 Fix new clang compiler warning
Bug: 148287059
Test: make
Change-Id: I24972955454fa40fc565744e2caaaa636caa44c2
2020-01-24 14:28:45 -08:00
Evgenii Stepanov
3ff4245c70 Merge "Add tagged pointers to bionic."
2020-01-24 00:26:32 +00:00
Elliott Hughes
8fe1fcd804 Merge "Reimplement realpath."
2020-01-23 20:34:15 +00:00
Mitch Phillips
3b21ada5f1 Add tagged pointers to bionic.
This patch introduces tagged pointers to bionic. We add a static tag to
all pointers on arm64 compatible platforms (needs requisite
top-byte-ignore hardware feature and relevant kernel patches).

We dynamically detect TBI-compatible devices (a device with the TBI feature and
kernel support) at process start time, and insert an implementation-dependent
tag into the top byte of the pointer for all heap allocations. We then check
that the tag has not been truncated when deallocating the memory.

If an application incorrectly writes to the top byte of the pointer, we
terminate the process at time of detection. This will allow MTE-incompatible
applications to be caught early.

Bug: 135754954
Bug: 147147490

Test: cd bionic && atest .
Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
2020-01-23 10:37:24 -08:00
Elliott Hughes
75064c177f Initialize __progname correctly.
setprogname() does a basename, but we were initializing __progname
directly. Stop doing that, and add some tests.

Test: treehugger
Change-Id: I06f306ade4161b2f0c7e314a3b1b30c9420117b7
2020-01-23 08:28:48 -08:00
Elliott Hughes
22fb267ad6 Reimplement realpath.
Use O_PATH like musl to let the kernel do the hard work, rather than the
traditional BSD manual scheme.

Also add the most obvious missing tests from reading the man page, plus
a non-obvious test for deleted files.

Bug: http://b/131435126
Test: treehugger
Change-Id: Ie8a8986fea55f045952a81afee377ce8288a49d5
2020-01-22 18:30:50 -08:00
Nicolas Geoffray
5c9efd1d66 Merge "Revert "Add tagged pointers to bionic.""
2020-01-21 13:57:45 +00:00
Nicolas Geoffray
ce4c42e09f Revert "Add tagged pointers to bionic."
This reverts commit 43d5f9d4dd.

Bug: 135754954
Bug: 147147490

Exempt-From-Owner-Approval: clean revert

Reason for revert: Breaks ART gtest, see:
https://ci.chromium.org/p/art/builders/ci/angler-armv8-non-gen-cc/561

The crash happens on mprotect of a page, the test crashes with ENOMEM.

Change-Id: I52eea1abbfaf8d8e2226f92d30aa55aba3810528
2020-01-21 13:57:26 +00:00
Dan Willemsen
a547762ae3 Merge "Convert more bionic tests to Android.bp"
2020-01-21 04:52:16 +00:00
Mitch Phillips
3460b6c265 Merge "Add tagged pointers to bionic."
2020-01-20 23:31:27 +00:00
Dan Willemsen
4bcfe3c330 Convert more bionic tests to Android.bp
Bug: 122332847
Bug: 130734182
Test: mmm bionic/tests; same files installed before & after
Test: m cts; same files in cts before & after
Test: `objdump -x <files> | grep NEEDED` is identical
Test: `objdump -x <files> | grep RUNPATH` differences make sense
      (additional lib64 entries from soong, minimal reorder)
Test: treehugger
Change-Id: I6eea4c3f9c0040efeba64e2b47c7b573767cd386
2020-01-16 10:12:46 -08:00
Christopher Ferris
f5421dde7f Merge "Add new malloc align tests."
2020-01-16 17:20:26 +00:00
Ryan Savitski
b72fed164e Merge "allow for heapprofd's signal to be multiplexed"
2020-01-16 16:04:08 +00:00
Mitch Phillips
43d5f9d4dd Add tagged pointers to bionic.
This patch introduces tagged pointers to bionic. We add a static tag to
all pointers on arm64 compatible platforms (needs requisite
top-byte-ignore hardware feature and relevant kernel patches).

We dynamically detect TBI-compatible devices (a device with the TBI feature and
kernel support) at process start time, and insert an implementation-dependent
tag into the top byte of the pointer for all heap allocations. We then check
that the tag has not been truncated when deallocating the memory.

If an application incorrectly writes to the top byte of the pointer, we
terminate the process at time of detection. This will allow MTE-incompatible
applications to be caught early.

Bug: 135754954
Bug: 147147490

Test: cd bionic && atest .
Change-Id: I6e5b809fc81f55dd517f845eaf20f3c0ebd4d86e
2020-01-15 15:03:00 -08:00
Ryan Savitski
175c8867b0 allow for heapprofd's signal to be multiplexed
This patch refactors heapprofd_malloc to make it easier to reuse the
reserved signal for multiple purposes. We define a new generic signal
handler for profilers, which dispatches to more specific logic based on
the signal's payload (si_value).

The profiler signal handler is installed during libc preinit, after
malloc initialization (so races against synchronous heapprofd
initialization need not be considered). In terms of code organization, I
copied the existing approach with a loosely referenced function in
bionic_globals.h. Do tell if you'd rather a different approach here.

The profileability of a process is quite tied to the malloc
files/interfaces in bionic - in particular, it's set through
android_mallopt. I do not change that, but instead introduce a new
android_mallopt option to be able to query profileability of the
process (which is now used by the new profiler signal handler). As part
of that, gZygoteChildProfileable is moved from heapprofd_malloc to
common (alongside gZygoteChild).

I've removed the masking and reraising of the heapprofd signal when
racing against malloc_limit init. We're ok with taking a simpler
approach and dropping the heapprofd signal in such an unlikely race.

Note: this requires a corresponding change in heapprofd to use sigqueue()
instead of kill(), as the latter leaves the si_value uninitialized(?) on
the receiving side.

Bug: 144281346
Change-Id: I93bb2e82cff5870e5ca499cf86439860aca9dfa5
2020-01-15 22:55:03 +00:00
Christopher Ferris
f32494c985 Add new malloc align tests.
Bug: 146576216

Test: Ran the test on jemalloc and glibc.
Test: Ran the test on scudo and verified that failed without the align
Test: change.
Change-Id: I31a96f8672c6bce2423210300288a13df1eda42a
2020-01-15 09:22:21 -08:00
Steven Moreland
06f39d36a4 stack_protector_DeathTest: work w/ local reorder
Before, the helper method for this test had two local variables:
    char buf[128];
    volatile char* p;

Then the test wrote zeros into the buffer and one past the buffer end.
This relied on the fact that the compiler constructed the stack frame
with 'p' first and then the buffer (and also optimized away the 'size'
variable).

However, some compiler options (namely -ftrivial-auto-var-init=pattern)
result in the stack frame being reordered so that 'p' is actually after
buf, and the test cannot pass.

Fixes: 132780819
Test: bionic-unit-tests-static (w/ w/o flag)
Change-Id: Icc87c02add211c2afb7c96ae22701ec27990364c
2020-01-14 14:11:16 -08:00
Elliott Hughes
5dc31300ff Explicitly test printf %s with nullptr.
I haven't found a bug, but tests are good.

Bug: https://github.com/landley/toybox/issues/163
Change-Id: I57149800099abc699cc841b69a5a72aeac7c2bcc
2020-01-07 08:48:10 -08:00
Elliott Hughes
95c6cd753f Stop using the __ANDROID_API_x__ constants.
Historically we've made a few mistakes where they haven't matched the
right number. And most non-Googlers are much more familiar with the
numbers, so it seems to make sense to rely more on them. Especially in
header files, which we actually expect real people to have to read from
time to time.

Test: treehugger
Change-Id: I0d4a97454ee108de1d32f21df285315c5488d886
2019-12-20 13:26:14 -08:00
Evgeny Eltsin
4ea64e91e8 Merge "Fix dlext.ns_anonymous test for native bridge"
2019-12-17 19:22:04 +00:00
Evgeny Eltsin
ad865d7b3d Fix dlext.ns_anonymous test for native bridge
The executable flag might not be present for the executable segment
if the code is being handled by a native bridge implementation. The old
heuristic for this case was to assume the first segment is executable.
This doesn't stand any more. Instead, look for the segment that contains
the function the test is going to call.

Test: bionic-unit-tests --gtest_filter=dlext.ns_anonymous
Change-Id: I960bebba86e225d739b73f6d093e145fff17b4a8
2019-12-17 18:54:17 +01:00