There are places in frameworks and art code that directly included
private bionic header files. Move these files to the new platform
include files.
This change also moves the __get_tls.h header file to tls.h and includes
the tls defines header so that there is a single header that platform
code can use to get __get_tls and the defines.
Also, simplify the visibility rules for platform includes.
Bug: 141560639
Test: Builds and bionic unit tests pass.
Change-Id: I9e5e9c33fe8a85260f69823468bc9d340ab7a1f9
Merged-In: I9e5e9c33fe8a85260f69823468bc9d340ab7a1f9
(cherry picked from commit 44631c919a)
This commit replaces `bzero` with `__bionic_bzero` and `bcopy` with
`__bionic_bcopy` because `bzero` and `bcopy` are partially defined in
`libc.map.txt`. Bionic versioner raises errors because versioner treats
static inline functions as exported function definitions then it
compares the availability with the information specified in
`libc.map.txt`.
This commit fixes the problem by replacing static inline functions into
`__bionic_{bzero,bcopy}` and defining aliases for source-level
compatibility.
Test: PATH=$(pwd)/prebuilts/clang-tools/linux-x86/bin:$PATH \
bionic/tools/versioner/run_tests.py
Bug: 140110040
Change-Id: I97f2f0dc0abccd0a9fcfe5bb02f4e918362d35cc
__builtin_*_chk will emit warnings when things are trivially broken.
Emitting errors instead is probably better (and we can be a bit smarter
about how we emit code for trivially safe cases.)
Bug: 131861088
Test: checkbuild + bionic-unit-tests on blueline
Change-Id: I33957ad419922d0760304758ecb9bc8ad33e0b64
Initialize a thread's DTV to an empty zeroed DTV. Allocate the DTV and
any ELF module's TLS segment on-demand in __tls_get_addr. Use a generation
counter, incremented in the linker, to signal when threads should
update/reallocate their DTV objects.
A generation count of 0 always indicates the constant zero DTV.
Once a DTV is allocated, it isn't freed until the thread exits, because
a signal handler could interrupt the fast path of __tls_get_addr between
accessing the DTV slot and reading a field of the DTV. Bionic keeps a
linked list of DTV objects so it can free them at thread-exit.
Dynamic TLS memory is allocated using a BionicAllocator instance in
libc_shared_globals. For async-signal safety, access to the
linker/libc-shared state is protected by first blocking signals, then by
acquiring the reader-writer lock, TlsModules::rwlock. A write lock is
needed to allocate or free memory.
In pthread_exit, unconditionally block signals before freeing dynamic
TLS memory or freeing the shadow call stack.
ndk_cruft.cpp: Avoid including pthread_internal.h inside an extern "C".
(The header now includes a C++ template that doesn't compile inside
extern "C".)
Bug: http://b/78026329
Bug: http://b/123094171
Test: bionic unit tests
Change-Id: I3c9b12921c9e68b33dcc1d1dd276bff364eff5d7
__isthreaded is annoying for ARC++ and useless for everyone. Just hard-code
the value in ndk_cruft for LP32 and be done with it.
Bug: N/A
Test: builds
Change-Id: I08f11a404bbec55ed57cb1e18b5116163c7d7d13
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
libcxx provides const-correct overloads for a few string.h functions.
These overloads use clang's enable_if attribute, so they're preferred
over our FORTIFY'ed equivalents.
This weakens _FORTIFY_SOURCE=2 when used with some of these functions,
since clang needs to see __pass_object_size in order to pass an accurate
result for __builtin_object_size(s, 1) at a callsite. Since those
functions don't have __pass_object_size on their params, clang can't do
that. This makes LLVM lower the __builtin_object_size calls, which means
we get the same result as __builtin_object_size(s, 0).
We have to provide all of the overloads in Bionic, since enable_if is
only used to disambiguate overloads with (otherwise) the same type. In
other words:
// overload 1
char *strchr(const char *, int s) __attribute__((enable_if(1, "")));
// overload 2
char *strchr(char *, int s);
void foo() {
char cs[1] = {};
strchr(static_cast<const char *>(cs), '\0'); // calls overload #1.
strchr(cs, '\0'); // calls overload #2.
}
Bug: 34747525
Test: m checkbuild on bullhead internal master + AOSP. vts -m
BionicUnitTests passes on both. Surprisingly, the only code that this
seems to break is contained in Bionic.
Change-Id: Ie406f42fb3d1c5bf940dc857889876fc39b57c90
Hiding our legacy cruft seemed like a good idea, but in practice it will only
mean worse interoperability.
Plus we got it wrong, as the recent `putw` example showed.
Change-Id: I167c7168eff133889028089c22a7a0dfb8d6d0cf
This change implements the following property:
Any 2**N aligned memory region on size 2**N contains no more than one DSO.
The value N can be configured, with 16 or 18 looking like a good choice.
Additionally, DSOs are loaded at random page-aligned address inside these large
regions.
This change has dual purpose:
1. Larger values of N allow a lot more compact CFI shadow implementation.
See change I14dfea630de468eb5620e7f55f92b1397ba06217.
For example, CFI shadow for the system_server process has the following size (RSS, KB):
152 for N = 12, 32 for N = 16, 16 for N = 18.
2. Extra randomization is good for security.
This change does not result in extra RAM usage, because everything is still page-aligned.
It does result in a bit more VM fragmentation because of the gaps between shared libraries.
As it turns out, this fragmentation is barely noticeable because the kernel creates new mapping
at the highest possible address, and we do enough small mappings to almost completely fill the
gaps (ex. in the Zygote the gaps are filled with .ttf file mappings and thread stacks).
I've measured VM fragmentation as the sum of all VM gaps (unmapped regions) that are larger
than 1MB according to /proc/$PID/maps. On aosp_angler-userdebug, the numbers are (in GB):
| N = 12 | N = 18
system_server | 521.9 | 521.1
zygote64 | 522.1 | 521.3
zygote32 | 2.55 | 2.55
mediaserver | 4.00 | 4.00
Change-Id: Ia6df840dd409c82837efd1f263be420d9723c84a
Not efficient to iterate through given the large number of Android
ids (AID). Compile warning will result if you use these functions,
telling you as much. Not for general consumption, however for
example, some filesystem tests would like to see these to perform
all corners.
About 1/4 second for getpwent, and 1/8 second for getgrent to iterate
through all reserved Android aids.
Bug: 27999086
Change-Id: I7784273b7875c38e4954ae21d314f35e4bf8c2fc
This change removes endpwent, dlmalloc_inspect_all, dlmalloc_trim
from lp64 libc.so. It also removed necessety of having brillo
version scripts for lp64 platforms.
Bug: http://b/26164862
Change-Id: I4e9b38907bb1dc410f0eb6d2f5d5944fe713da51
POSIX defined bcopy to handle overlapping memory akin to memmove and
bionic appears to have always done so.
Change-Id: I2599113411e3532913270ba1c1b49e35cbc5f106
This reverts commit c8bae05f3f.
We were breaking init (ueventd) because we initialize system properties
before we initialize stdio. The new system property implementation uses
stdio to read from /property_contexts, so we end up touching stdio data
structures before they've been initialized.
This second attempt takes things further by removing the stdio initialization
function altogether. The data structures for stdin/stdout/stderr can be
statically initialized as data, and -- since we already had to give the
atexit implementation a backdoor for stdio -- we can just admit that we
need to clean up stdio, and that we always do so last.
This patch also removes the 17 statically pre-allocated file structures,
so the first fopen will now allocate a block of 10 (the usual overflow
behavior). I did this just to make my life simpler, but it's not actually
necessary to remove it if we want it back.
Change-Id: I936b2eb5e88e4ebaf5516121872b71fc88e5609c
This reverts commit 4371961e00.
This broke booting; ueventd crashes with a null pointer dereference
somewhere in __sfp (but the kernel doesn't unwind, so I don't know
what was calling __sfp).
Change-Id: I65375fdfdf1d339a06558b4057b580cacd6324e2
These don't work, aren't thread-safe, aren't in POSIX (or our header
files), and are only used by one app (whose developers I've contacted).
But the presence of these symbols causes configure to be confused, which
is a pain for Brillo.
Bug: http://b/24812426
Change-Id: I7fa6ef82864d5563929d9b8a7f8fcacb30b26d45
The functions dlmalloc_inspect_all and dlmalloc_trim get
exported on devices that use dlmalloc, so be consistent and
export them everywhere.
Bug: 21640784
Change-Id: I5b8796cd03c8f401d37d9c22823144f766f9c4c7
Interestingly, this mostly involves cleaning up our implementation of
various <string.h> functions.
Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
It turns out that appportable has a version that calls dlmalloc directly.
Re-add the dlmalloc symbol for 32 bit only as a compatibility shim that
calls malloc.
Bug: 17881362
(cherry pick commit from c9734d24d9)
Change-Id: Iee9a777f66a1edb407d7563a60792b767ac4f83a
This was in <stdlib.h> in older releases. It's no longer used, but we can
preserve backwards compatibility by making it a no-op.
(cherry-pick of 51c8355d5cf4b83ccd2ad250ca4c61a616356c2b.)
Bug: 16205834
Change-Id: Idde7b46df4f253e39675600bcf82352879a716e7
The current arc4random implementation stirs itself as needed, but we
need to keep an arc4random_stir symbol around for binary compatibility.
(cherry-pick of 1e010d60397db706cd3d1c4d5701a2bced441aa8.)
Bug: 17291075
Change-Id: Iaf6171c3ec65c39c1868364d5b35ea280e29a363
The C library didn't export the 'index' symbol, but its C++ name-mangling
instead, which broke the ABI and prevented some applications from loading
properly.
The main reason was that the implementation under bionic/index.cpp relied
on the declaration to specify that the function has C linkage.
However, the declaration for index() was removed from both <string.h>
and <strings.h> in a recent patch, which made the compiler think it was
ok to compile the function with C++ linkage instead!
This patch does the following:
- Move index() definition to bionic/ndk_cruft.cpp and ensure it uses
C linkage.
Note that this removes index() from the 64-bit library entirely, this
is intentional and will break source compatibility. Simply replacing
an index() call with the equivalent strchr() should be enough to fix
this in third-party code.
- Remove bionic/index.cpp from the tree and build files.
- Remove x86 assembly implementation from arch-x86/ to avoid conflict
with the one in ndk_cruft.cpp
BUG=15606653
Change-Id: I816b589f69c8f8a6511f6be6195d20cf1c4e8123
getdtablesize(3) was removed fro POSIX 2004. Keep the symbol around in LP32 for
binary compatibility, but remove the declaration from unistd.h.
Bug: 13935372
Change-Id: I1f96cd290bf9176f922dad58bd5a7ab2cae7ef0f
wait3(2) was removed from POSIX 2004. Keep the symbol around in LP32 for binary
compatibility, but remove the declaration in sys/wait.h.
Bug: 13935372
Change-Id: Ic715fce6781aae43b4ac6d745dc6d1e6b9914e71
