This change allows the use of read(2) and getdents(2) so that UBSan can
work correctly on x86_64.
Bug: 111999822
Test: CtsWrapWrapDebugTestCases
Change-Id: I44aac17fffdffc5c3f5d87fb3d876af28c8044b2
This is currently a non-functional change, because base_timeout_msec is
never set to a non-default value (other than in unit tests).
Test: netd_unit_test --gtest_filter='ResolverTest.*'
Change-Id: I21989bab5cc9f55ee1392e30965eb405d720a28e
The primary motivation is speeding up tests for non-responsive
nameservers. It's also base infrastructure for future work to compute
retry timeouts dynamically.
Using default timeouts (RES_TIMEOUT = 5 seconds):
ResolverTest.GetAddrInfoV6_nonresponsive (45141 ms)
With base_timeout_msec=100:
ResolverTest.GetAddrInfoV6_nonresponsive (1264 ms)
Test: executed unsubmitted test from aosp/713993
Change-Id: Id902089ca69ca8d28032180ba51e8937262ef490
Let the debuggerd handler get the address of the fdsan table so that
crash_dump can parse it and print it out in tombstones.
Test: debuggerd `pidof adbd`
Change-Id: I2297200cae52d0ff24479dba55d1ab4938583501
Make it easier for other code to parse the fdsan table themselves by
making it so that they can include the bionic_fdsan.h header to get a
struct definition with the layout without bringing in other
dependencies.
Test: treehugger
Change-Id: I3583ef113991234aa83cd193a4eb139ad06737c7
This change avoids having to run the genseccomp.py script every time a
policy file is edited, and instead generates these files at
compile-time.
Bug: None
Test: m
Test: find out/soong/ -name x86_64_global_policy.cpp # Shows files
Test: generated policies are equivalent to original policies
Change-Id: I12461fe0c5fb02c008c1b2503fbb994b8aa2f56b
POSIX says "The popen() function shall ensure that any streams from
previous popen() calls that remain open in the parent process are closed
in the new child process". It doesn't appear to disallow all popen(3) file
descriptors from being O_CLOEXEC, and it's not obvious why anyone would want
them inherited. Let's see if we can make the stricter guarantee...
Bug: N/A
Test: ran tests
Change-Id: I2c85170d730b211637afb8ba10df150ca3237262
Add handling for all 4 cases of failure of exchange_owner_tag. Also,
mask off and sign extend the type byte of the owner tag, and add a
test for that.
Test: bionic_unit_tests
Change-Id: Ic7c49f0ee5498623f05c49b5b4cd055db48a4b9f
This change makes it possible to invoke this tool without having to
fiddle with the path.
Bug: None
Test: ./bionic/libc/tools/genseccomp.py # Succeeded
Change-Id: Ib24d70abc973fe774cda4209e46a5b66ae7617be
This change allows the use of readlink(2) so that UBSan can work
correctly on x86_64.
Bug: 111999822
Test: CtsWrapWrapDebugTestCases
Change-Id: I7f3013c712e3e41567a0d8e1bbb9d378c04b4433
arm32: Add a relocation for TLS descriptors (e.g. gcc's
-mtls-dialect=gnu2).
arm64: Add all the dynamic TLS relocations.
Two of the relocations here are obsolete:
- ARM documents R_ARM_SWI24 as an obsolete static relocation without
saying what it did. It's been replaced by R_ARM_TLS_DESC, a dynamic
relocation. We could probably remove it, but I left it because arm32
is old, and I see the macro in other libc's. It's probably analogous
to R_ARM_THM_SWI8, which is also an obsolete relocation reserved for
a future dynamic relocation.
- I couldn't find any ARM documentation at all for
R_AARCH64_TLS_DTPREL32. It seems to have been part of three
relocations:
- R_AARCH64_TLS_DTPREL32 1031
- R_AARCH64_TLS_DTPMOD32 1032
- R_AARCH64_TLS_TPREL32 1033
Bug: b/78026329
Test: run bionic unit tests
Change-Id: I5e7432f6e3e906152dc489be5e812fd8defcbafd
We had the NetBSD __CONCAT macro, despite the fact that our only callers
are FreeBSD code. The FreeBSD libm changes in FreeBSD r336665 require
the FreeBSD implementation rather than the NetBSD one.
Unfortunately for me, that libm code is built in the NDK build too,
where it's built against the NDK's <sys/cdefs.h>. So I need to update
__CONCAT first before I can update the libm code.
Bug: http://b/111710419
Test: ran tests
Change-Id: I70e76e4caab2929c939bfb7009df9fe79d26806a
This reverts commit 067bdc9546.
The angler/bullhead builds still use GCC, so I'll wait until they're turned down.
Bug: https://issuetracker.google.com/74404306
Change-Id: I777b08dd6ab5250d532b4b5cc56e9a790c13db20
This reverts commit 253a830631 and moves
us forward to a revision that contains fixes for the problem with the
previous attempt.
This also makes sincos(3)/sincosf(3)/sincosl(3) available to `_BSD_SOURCE`
as well as `_GNU_SOURCE`.
The new FreeBSD libm code requires the FreeBSD `__CONCAT` macro, and all
our existing callers are FreeBSD too, so update that.
There's also an assumption that <complex.h> drags in <math.h> which isn't
true for us, so work around that with `-include` in the makefile. This
then causes clang to recognize a bug -- returning from a void function --
in our fake (LP32) sincosl(3), so fix that too.
Bug: http://b/111710419
Change-Id: I84703ad844f8afde6ec6b11604ab3c096ccb62c3
Test: ran tests
Generate a tombstone instead of just a log message when warning. Also,
don't use async_safe_fatal_va_list when we're not calling abort, as
this will permanently set the abort message.
Test: bionic_unit_tests
Test: setprop debug.fdsan warn; crasher fdsan_file
Change-Id: I2fe271da9004c8fd1f50ad3d8280be254eeaf656
NDK r18 (which removes GCC) is about to ship. We don't need this any more.
The immediate motivation for removing this right now is that the test
fails whenever we add Clang-only flags to the build system.
While we're here, clean up <stdatomic.h> too.
Bug: https://issuetracker.google.com/74404306
Test: ran tests
Change-Id: Iaad5d634d1ba76f0b6f19ad32cc27b2533771a4a
Make it so that users can check for availability of fdsan at runtime.
Bug: http://b/110100358
Test: treehugger
Test: make libjnitest
Change-Id: Ief3054161f3e255d048370975f7dd90cf7ad3687
This includes an ld128 powl, plus the clog* and cpow* families.
Also teach the NOTICE generator to strip SPDX-License-Identifier lines.
Bug: N/A
Test: ran tests
Change-Id: Ic8289d1253666a19468a4088884cf7540f1ec66d
Add two functions to allow objects that own a file descriptor to
enforce that only they can close their file descriptor.
Use them in FILE* and DIR*.
Bug: http://b/110100358
Test: bionic_unit_tests
Test: aosp/master boots without errors
Test: treehugger
Change-Id: Iecd6e8b26c62217271e0822dc3d2d7888b091a45
POSIX says it's unspecified whether setjmp is a macro or a function,
but C11 says it's a macro, and the C standard always wins.
Bug: https://github.com/android-ndk/ndk/issues/744
Test: ran tests
Change-Id: I4a1abc37724f8e9d9498f2093ef3c1f3b8253949
I don't think this will help the original submitter, because <resolv.h>
is mostly useless on Android. One day we might have a deprecation and
removal policy for the NDK, but until then we should probably maintain
this header.
Bug: https://github.com/android-ndk/ndk/issues/739
Test: ran tests
Change-Id: I2db859abfdebc3824c997462fa6133d5b355a8dd
There is a hang when enabling leak_track since the dumping of the
leak data can wind up doing an allocation.
Add new system unit test to make sure this doesn't happen again.
Bug: 111146059
Test: Test program that leaks does not hang forever.
Test: Unit tests pass.
Change-Id: Icf99be58ba5db98ee124a471b957a086045f5870
pclose(3) is now an alias for fclose(3). We could add a FORTIFY check
that you use pclose(3) if and only if you used popen(3), but there seems
little value to that when we can just do the right thing.
This patch also adds the missing locking to _fwalk --- we need to lock
both the global list of FILE*s and also each FILE* we touch. POSIX says
that "The popen() function shall ensure that any streams from previous
popen() calls that remain open in the parent process are closed in the
new child process", which we implement via _fwalk(fclose) in the child,
but we might want to just make *all* popen(3) file descriptors O_CLOEXEC
in all cases.
Ignore fewer errors in popen(3) failure cases.
Improve popen(3) test coverage.
Bug: http://b/72470344
Test: ran tests
Change-Id: Ic937594bf28ec88b375f7e5825b9c05f500af438
Bug: http://b/111265772
uchar.h is not available in the glibc used for the host. Since Bionic's
stdatomic.h is also used for the host (via a copy in prebuilts/clang)
guard the include with a check for __BIONIC__.
Also replace the check for C11 around definition of
atomic_char_{16,32}_t with a check for __BIONIC__. While we're here,
check if __cplusplus is defined before checking its value. This avoids
a potential -Wundef warning.
Test: Build
Change-Id: Icb62150d978703175b78d8ad12b42cf98b424b9a
As for others targets, it is better to align function text by minimim
cacheline size. This patch changes arm __bionic_asm_align to 16.
Test: bionic tests on aarch64.
Change-Id: Ib121663c65493d33d6803e2c5139d247a8cae858
We want to delay the emutls pthread key deletion to keep
__thread/thread_local variables working as long as possible.
Currently, emutls has its own __attribute__((destructor)) function that
deletes its pthread key. That function runs even on process exit, and it
can run before other destructor functions and before C++ static object
destructors.
Move the destructor function to crtbegin_so.c, where an
__attribute__((destructor)) function is only called on dlclose. Use a
priority 0 destructor, which runs after every destructor with a default or
greater priority value.
__emutls_unregister_key will still run before destructor functions of
DT_NEEDED solibs. It also still leaks memory (both the emutls arrays and
each emutls object).
Bug: b/80453944
Test: manual
Change-Id: I6789bcf168415ab8badf2f64687c6a0136c5c917
Bump the version from v1.1 to v1.2 and add a build fingerprint line.
Update the heap dump documentation to match the new format and reflect
what made it in P and what made it in Q.
Update the unit tests for this change.
Add -O0 to unit test code to make it easier to debug.
Add an external function that can be used by the framework code
so that there is only one way to dump the heap.
Bug: 110095681
Test: Ran unit tests.
Test: Did a dump of a real process and verified fingerprint.
Test: Did a dump of a process without malloc debug enabled.
Change-Id: I769a476cbeaf4c85c5d75bd6d6385f0e3add948c
Merged-In: I769a476cbeaf4c85c5d75bd6d6385f0e3add948c
(cherry picked from commit c84a2a2601)
In order to support shared libraries in the recovery mode, the dynamic
linker is now built with recovery_available: true option.
In addition, a few more modules (such as libasync, etc.) are also marked
as recovery_available: true as they are transitive dependencies of the
dynamic linker.
Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: `adb root && adb shell` and then
$ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from
the /lib directory.
Change-Id: Idd981d8cf25568a85b24032cf78e50adfd5f4a7f
__libc_sysinfo is hidden, so accessing it doesn't require a relocated GOT.
It is important not to have a relocatable initializer on __libc_sysinfo,
because if it did have one, and if we initialized it before relocating the
linker, then on 32-bit x86 (which uses REL rather than RELA), the
relocation step would calculate the wrong addend and overwrite
__libc_sysinfo with garbage.
Asides:
* It'd be simpler to keep the __libc_sysinfo initializer for static
executables, but the loader pulls in libc_init_static (even though it
uses almost none of the code in that file, like __libc_init).
* The loader has called __libc_init_sysinfo three times by the time it
has relocated itself. A static executable calls it twice, while libc.so
calls it only once.
Bug: none
Test: lunch aosp_x86-userdebug ; emulator
Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: adb shell /data/nativetest/bionic-unit-tests-static/bionic-unit-tests-static
Change-Id: I5944f57847db7191608f4f83dde22b49e279e6cb
- It is only needed for dynamic executables, so move the initialization
out of __libc_init_main_thread and just before the solib constructor
calls. For static executables, the slot was initialized, then never
used or cleared. Instead, leave it clear.
- For static executables, __libc_init_main_thread already initialized the
stack guard, so remove the redundant __init_thread_stack_guard call.
- Simplify the slot access/clearing a bit in __libc_preinit.
- Remove the "__libc_init_common() will change the TLS area so the old one
won't be accessible anyway." comment. AFAICT, it's incorrect -- the
main thread's TLS area in a dynamic executable is initialized to a
static pthread_internal_t object in the linker, then reused by libc.so.
Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: adb shell /data/nativetest/bionic-unit-tests-static/bionic-unit-tests-static
Change-Id: Ie2da6f5be3ad563fa65b38eaadf8ba6ecc6a64b6
The current code checks out the android kernel tree. Long ago, we moved
to using the linux kernel source code. Modify the script to actually
do this.
Bug: 6653610
Test: Ran the script using the --download_kernel option and without.
Change-Id: I769e769edea272f4f8c9c8d2e76bd336059c66e3
This adds a new option backtrace_full, when it is set, then it will use
libunwindstack.
Modify the dump to file data to dump the extra information from libunwindstack.
Along with the new dump file format, change the version to v1.1.
Updated document for new format of file data.
Add unit tests for the new functionality.
Bug: 74361929
Test: Ran unit tests.
Change-Id: I40fff795f5346bba7b9d7fde2e04f269ff4eb7f1
Global flag --pack-dyn-relocs=android is used with clang lld.
For b/24465209, we need to override that with --pack-dyn-relocs=none.
Bug: 80093890
Bug: 24465209
Test: build with USE_CLANG_LLD=true and run dlext.compat_elf_hash_and_relocation_tables
Change-Id: Ic3837446ff0deccf4e66425b39d3b062abcacc5e
See longer explanation in b/80093890.
Clang lld does not generate expected DT_REL and DT_RELA tags
with --hash-style=both and --pack-dyn-relocs=android.
I am not sure about the extent of b/24465209, so
I would rather not to use lld for these .so files for now.
Bug: 80093890
Bug: 24465209
Test: build with USE_CLANG_LLD=true and run dlext.compat_elf_hash_and_relocation_tables
Change-Id: I94e9fe8d687daeadb0182ae26596ca11d3f8bd9b
Require that users and groups found in /vendor/etc/{passwd,group}
start with vendor_. This is needed to compliance with Treble as
without this prefix, it is possible for a new system image to create a
user/group name that a vendor has already used, causing a collision.
Bug: 79528966
Test: new unit test
Change-Id: I07500641e165f41526a8101592d83fa174e7a711
Libraries that are direct or indirect dependencies of modules installed
to recovery partition (e.g. toybox) are marked as recovery_available:
true. This allows a recovery variant of the lib is created when it is
depended by other recovery or recovery_available modules.
Bug: 67916654
Bug: 64960723
Bug: 63673171
Bug: 29921292
Test: m -j
Change-Id: I59bf859a10a218af6591025a0fe7d1853e328405
Bug: 78133793
Bug: 78242072
Test: Builds and ran to verify best libc routines.
Change-Id: I2299b8f0f6379c9003072764978ea917b74aee4f
Merged-In: I2299b8f0f6379c9003072764978ea917b74aee4f
(cherry picked from commit 3162eb3b81)
POSIX says ftw/nftw "shall fail" in various cases where BSD's fts_open
doesn't. Since our ftw/nftw are written in terms of fts_open, add a back
door so we can hint to ourselves when we should have the POSIX semantics.
Also pull several O_CLOEXEC and don't-null-check-before-free cleanups
from upstream, and add a couple of tests.
Bug: http://b/31152735
Test: ran bionic tests and LTP "nftw01" test
Change-Id: Ib05facacc1da4c8b2ab48e9ecce88f11a5406630
Currently DNS lookups are all sent as UID 0. In N we added an
AID_DNS user, but we never used it. A separate UID allows us to
account for and route DNS traffic differently from other UID 0
traffic such as kernel-originated traffic.
Bug: 70673901
Test: DNS lookups continue to work
Test: netd_{unit,integration}_test pass
Change-Id: Ife3ca7df45de51b92437d2cfe627fb4703b672fb
The code (and comment) have been like this since the initial commit, but
there was never a test of this, and glibc seems to have been returning
EINVAL (as POSIX says it should) since long before Android existed.
Bug: http://b/31154352
Test: ran tests
Change-Id: Ica1ea836a4a5699ef0d956fe9c0f322e567de34d
This complements __libc_init_main_thread in setting up main thread
under native bridge.
Test: run_tests
Bug: 77877742
Change-Id: I53efab66f285a1b9f0ab36d44386fa1e2621e4ba
(cherry picked from commit 4c9504aa6c)
Apparently this didn't make it to all android-16 devices. As far as
we know it did make it for all android-17 devices.
Test: make checkbuild
Bug: https://github.com/android-ndk/ndk/issues/647
Change-Id: I2f07cfb1254e2a203c1c10b91b0be46bf37ea853
* Linker rules for lld do not work with libunwind_llvm yet.
Bug: 78118944
Test: make checkbuild and boot
Change-Id: I0eda2409d9f365029f70f4255edffbeae49cb6d2
When compiling on/for at least Lollipop, always use the fortified
versions of FD_X macros. This works around side-effect issues (which
are explicitly called out in the specification) and generally
increases robustness of code.
Bug: 77986327
Test: mmma bionic
Test: m
Test: bionic_unit_tests
Change-Id: I9096c6872770e46ba5ab64e7375ff83fc0518e07
This reverts commit 2e7145c048.
When src is at the end page, the sse2 strlcpy SSE2 optimized version
can issue a movdqu instruction that can cross the page boundary. If
the next page is not allocated to that process, it leads to
segmentation fault. This is a rare but has be caught multiple times
during robustness testing.
We isolated a way to reproduce that issue outside of an Android device
and we have been able to resolve this particular case. However, we
ran some additional compliance and robustness tests and found several
other similar page crossing issues with this implementation.
In conclusion, this optimization needs to be re-written from scratch
because its design is at cause. In the meantime, it is better to
remove it.
Change-Id: If90450de430ba9b7cd9282a422783beabd701f3d
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Changes
- Refactor the code so that only guards require creating a special header
for every pointer allocated.
- Store only a single copy of every backtrace. This saves memory so that
turning on the backtrace option doesn't result in 10X memory usage.
- Added new option track_allocs that only verifies pointers are valid for
free/malloc_usable_size/realloc.
- Remove suffix from test names.
- Add the TRACK_ALLOCS options to all guard options.
- Add new option verify_pointers that is a lightweight way to verify
pointers that are passed to allocation routines.
- Do auto-formatting of the code.
- Updated documentation for all of these changes.
Bug: 74361929
Test: Ran unit tests.
Test: Ran libmemunreachable unit tests.
Test: Ran an app with backtrace enabled.
Change-Id: I3246c48ae4f9811f64622d90d0a9b4d9d818702c
Behavior is compliant with
https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-04
EDNS0 is only enabled when the netcontext requests it, i.e. in DNS-over-TLS
mode.
Bug: 69623036
Bug: 64133961
Test: Wireshark verified. Integration tests echo padding and pass.
Change-Id: I5ef600e02a572d281441e890cc981614f150629b
This reverts commit 040c28a023.
Reason for revert: reland since the actual problem has been fixed
Change-Id: Ifd8a85b0de2eb6f2a76a6458570fc03b020a90ab
Test: the apps in the bug no longer crashes.
Bug: 76461821
Several privileged syscalls are still needed before a zygote-fork hangs
over the execution to the apps.
Test: system starts, different apps run
Bug: 63944145
Bug: 76461821
Change-Id: I78da54dac509eb073bc2aa7b820a1f6b0c39a775
521b41 "Allow system processes to use vfork"
ed74ab "Move some syscalls in commmon whitelist to app"
An implementation bug actually assigns the system seccomp filter to all
processes after zygote forks.
Test: the apps in the bug no longer crashes.
Bug: 76461821
I've deliberately not bothered with the GCC implementation because we'll
have removed GCC from the NDK before anyone gets to use this.
Bug: http://b/72493232
Test: ran tests
Change-Id: Icfc2a3b214739ab53aa41bacacc11b5c67498fb4
As a follow up to Ibba98f5d88be1c306d14e9b9366302ecbef6d534, where we
added a work around to convert the CLOCK_REALTIME timeouts to
CLOCK_MONOTONIC for pthread and semaphore timed wait functions, we're
introducing a set of _monotonic_np versions of each of these functions
that wait on CLOCK_MONOTONIC directly.
The primary motivation here is that while the above work around helps
for 3rd party code, it creates a dilemma when implementing new code
that would use these functions: either one implements code with these
functions knowing there is a race condition possible or one avoids
these functions and reinvent their own waiting/signaling mechanisms.
Neither are satisfactory, so we create a third option to use these
Android specific _monotonic_np functions that completely remove the
race condition while keeping the rest of the interface.
Specifically this adds the below functions:
pthread_mutex_timedlock_monotonic_np()
pthread_cond_timedwait_monotonic_np()
pthread_rwlock_timedrdlock_monotonic_np()
pthread_rwlock_timedwrlock_monotonic_np()
sem_timedwait_monotonic_np()
Note that pthread_cond_timedwait_monotonic_np() previously existed and
was removed since it's possible to initialize a condition variable to
use CLOCK_MONOTONIC. It is added back for a mix of reasons,
1) Symmetry with the rest of the functions we're adding
2) libc++ cannot easily take advantage of the new initializer, but
will be able to use this function in order to wait on
std::steady_clock
3) Frankly, it's a better API to specify the clock in the waiter function
than to specify the clock when the condition variable is
initialized.
Bug: 73951740
Test: new unit tests
Change-Id: I23aa5c204e36a194237d41e064c5c8ccaa4204e3
This effectively enables these features only in TLS mode
Test: Integration tests pass
Bug:69623036
Change-Id: I153a259b0c07717f664ee268b43da867a9b42152
This also tweaks cdefs to make __overloadable usable outside of
FORTIFY. It had to be FORTIFY-only before we had unmarked overload
support in clang+Bionic.
Bug: https://github.com/android-ndk/ndk/issues/402
Test: Internal master builds + `mma`. `mma` in Bionic fails if the
change to ioctl is undone.
Change-Id: Ib386b1786e1dca625e6d5a18682005adc734d9c1
For apps built for Android < P, return EBUSY.
For apps built for Android >= P, abort.
This is to keep old apps work, and help debugging
apps built for >= P.
Bug: http://b/74632097
Test: run bionic-unit-tests.
Test: run bionic-benchmark.
Change-Id: I5271565a1a6ad12678f85d558a7f862a2b7aab4b
System libc talks to out-of-process daemon thus it's better to not
duplicate that functionality in native bridge.
Bug: 67993967
Test: make
Change-Id: Iabc887a94082806d048bc98bf8d3b21c7531d60d
It seems clearer to include FD_SETSIZE in the message. set_size
is sizeof(fd_set) so there's an extra mental hoop to jump if that's
in the error message.
Test: make
Change-Id: I5cdb62465b658ac0eaeccbfb826d135820cf613a
This is for passing additional instructions through stages of the
DNS resolution pipeling.
Test: as follows
- builds, flashes, boots
- system/netd/tests/runtests.sh passes
Bug: 34953048
Bug: 70694619
Bug: 72345192
Change-Id: I5a86cc5192e6cfa09c375ac9f5810102da3aba20
java.lang.ProcessBuilder is internally using vfork in the current
configuration (see UNIXProcess_md.c in libcore).
Test: On an x86 Chromebook, trigger dropbox error event (1. settings
put global logcat_for_system_app_anr 50; 2. kill -19 `pidof
com.android.settings'; touch Settings). Saw seccomp error in
logcat but only without this fix.
Test: fyi, not reproducible on walleye (arm64)
Bug: 74441404
Change-Id: I1f40ae0fe0607c5834ecbe040ed31c4c0e42131d
We've ignored %n for a long time, but that's dangerous too because it
makes it unclear whether the corresponding pointer argument should be
supplied or not.
Remove the ambiguity by just rejecting %n outright.
Bug: http://b/31832608
Test: ran tests
Change-Id: Ic046ad3436a30c6f8f580ea738bdcaeb01c858f8
Kernel expects a 64 bit offset, so if a
user's offset is 32 bit, the wrapper will
drop the sign. To fix, sign extend the
32 bit value before doing the syscall.
Bug: 31225071
Test: pwritev02 32 bit passes
Change-Id: Ie272601662c2c35b0e8d8fc3823c9063c2f73e64
We saw crashes from pthread_exit+debuggerd on LP32
(https://issuetracker.google.com/72291624), and it seems like the
equivalent problem should exist with system(3). I fixed posix_spawn(3)
as part of that bug, so the easiest fix is probably to reuse that.
Bug: http://b/72470344
Test: ran tests
Change-Id: I05f838706f2b4a14ac3ee21292833e6c8579b0d4
No reasonable response is larger than about 4K, and this should reduce the ability of misbehaving DNS servers to waste system resources.
Test: Integration tests pass
Change-Id: I43da94f57f9b376d08a1b176e0aedb6720148833
Otherwise clang inlines it into pthread_sigmask(3), which breaks libsigchain.
Bug: http://b/73344857
Test: ran tests, plus the app this broke
Change-Id: Ie4a1dc8f9c6ba58d1a2fa69aeff961c70b74767d
All code that needs to use the frozen version of ion.h header should
have a copy, so move to the version as parsed from the real headers.
Test: Compiled and boots.
Change-Id: If9feae9c163ca64c4862045e86611fd3cf1fc18e
With the goal of disallowing exit time destructors, SystemProperties's
non-trivial destructor needs to be removed. This means replacing the
union hack with yet another hack as we don't want to allocate anything
despite relying on some polymorphism.
Bug: 73485611
Test: boot bullhead
Change-Id: I64223714c9b26c9724bfb8f3e2b0168e47b56bc8
Having any destructor with a global variable in bionic is causing
some issues. Since we don't actually need to munmap in this case, we
remove the destructor to work around that issue.
A small class is used to still munmap during tests.
Bug: 73485611
Test: bionic unit tests
Change-Id: Ibcd45e9b1ab22d187ecfc2738bb87244250d81ea
If the mmap'ed file doesn't end in a new line, previously we'd leak
the mmap'ed region. This change now munmap's the region.
Test: unit tests
Change-Id: If28d3d9a6b1b9c54123beecb3bbbe8ed984ca81d
Trivial, obvious counterpart to the standard ferror(3) and clearerr(3),
and lets us build bison out of the box.
Bug: http://b/64273806
Test: ran tests
Change-Id: I20affabddb71210051165c41e86adfe5ae04f77f
Added to each ucontext_t for source compatibility between platforms where
sigset_t and sigset64_t differ (arm, x86) and where they're the same
(all the rest).
Bug: http://b/72493232
Test: ran tests
Change-Id: I65a37bfa177933701bbe6c2350448885fd0f9c43
We've been using #pragma once for new internal files, but let's be more bold.
Bug: N/A
Test: builds
Change-Id: I7e2ee2730043bd884f9571cdbd8b524043030c07
Use the malloc debug framework to implement the malloc debug hooks
since it can introduce a performance issue.
Also, modify the bionic/tests/utils.h slightly to dump an error message
when the exe failed.
Bug: 30561479
Test: Ran malloc hook unit tests.
Test: Ran malloc debug unit tests.
Test: Enabled malloc hooks and ran bionic unit tests and verified no
Test: unexpected failures.
Test: Enabled malloc debug and malloc hooks and verified malloc debug wins.
Test: Enabled malloc debug using env, property, and property with name
Test: still works.
Change-Id: Ib50046a0493c5c2050cf831befb812310bdcc249
(cherry picked from commit d6a1dc2379)
Caused problems for some Google source switching to unified headers
because the legacy headers just used #define instead.
Bug: http://b/73210428
Test: builds
Change-Id: If8a36f284031e57af419903610029a8c34a23d91
sigset_t is already large enough on mips so use the same principle
as on LP64 architectures: typedef sigset_t sigset64_t
Also prevent accessing sa_restorer field for architectures which
don't define SA_RESTORER in signal_test.
This allows compilation of signal_test.
Test: bionic-unit-tests in QEMU (MIPS32)
Change-Id: I965e202c9a7f7d109e4ec25ad87172dc7c1b8806
The (lowest) address of the argument area (aka ESP immediately prior to
the call instruction) must be aligned to 0 mod 16. Here, it is aligned to
12 mod 16.
From the SysV ABI doc (2.2.2 The Stack Frame)
"""The end of the input argument area shall be aligned on a 16 (32, if
__m256 is passed on stack) byte boundary. In other words, the value
(%esp + 4) is always a multiple of 16 (32) when control is transferred to
the function entry point."""
Test: extract code into a separate C file and verify stack alignment in a
"start_main" function
Test: use the upcoming NDK r17-beta1 (with new Bionic crtbegin*.o files)
with an M-23 x86 system image, check alignment in main (compiled with
Clang not GCC, compiled w/o -mstackrealign)
Bug: b/73140672
Change-Id: Ia8d93fe5668d0a514a9fd22c40bf8362805111e6
Add the capability to read /etc/passwd and /etc/group for getpw* and
getgr* functions.
Bug: 27999086
Test: pwd, grp, grp_pwd_file unit tests
Test: Read in custom users/groups from /etc/{passwd,group}
Change-Id: Idc1f054af8a7ca34743a90493495f0ccc775a0d8
This is a follow up to I47b0560a30aa33a9b1f1978dfb7f84d2e3d389b8.
This fixes MIPS32 build.
Test: successful build and boot aosp_mips-eng
Change-Id: Ia5b245f5536d8fd037f1798bbdf6215c5f059045
The math on the size calculation was wrong as the type of
__exidx_start/__exidx_end was unsigned rather than a char. Make a
struct that represents each item instead and remove the division.
Test: built artifacts and used them in the NDK
Bug: None
Change-Id: Ic2c0c123a369b9319e8645d806d659290eb2f69c
These three functions are the only reason we need libandroid_support
post-L. Add these so we can remove it entirely for LP64 or users
targeting L+.
Test: make checkbuild
Test: build/soong/scripts/build-ndk-prebuilts.sh
Test: Imported the prebuilts generated from the above to the NDK,
`./checkbuild.py && ./run_tests.py` with a handful of patches
to remove libandroid_support for L+.
Bug: None
Change-Id: I39f8ee686bd76ebdb2fc3745b013d56175ba8ff0
Now that we have a clang that supports transparent overloads, we can
kill all of this cruft, and restore our upstream sources to their
untouched glory. Woohoo!
Bug: 12231437
Test: Built aosp_marlin; no obvious patch-related aosp_mips issues.
Change-Id: I520a19d014f12137f80e43f973dccd6711c571cd
The error handling was a mess, resulting in an infinite loop
(and a test timeout) if you actually took the /dev/urandom
fallback. I'm also unconvinced that the getrandom(2) path was correct
because of the various reasons why we might get a short count back
(http://man7.org/linux/man-pages/man2/getrandom.2.html). In this version,
the two paths look very similar except for the getrandom(2) failure case,
where it's now much clearer that we just give up so that we can boot
(http://b/33059407).
Bug: http://b/33059407
Bug: http://b/67015565
Test: ran tests on hikey and a ICS Galaxy Nexus
Change-Id: Ie715d59b46f7a70bae66943c316168838787b40d
This change does not enable EDNS0, so it should not
result in any behavior change. However, enabling EDNS0
should now be possible with only a small additional change
to "flip the switch".
This change has also landed in NetBSD upstream
(http://gnats.netbsd.org/52578) so this change reduces
divergence from upstream.
Most of the code in this change is for caching of queries that contain
an additional section.
Bug: 15132200
Test: Added integration tests for fallback to the netd suite.
Change-Id: Ic64bed0754e1d529dc0c0ab6a5e2f1ea201ff0d5
Add fast path calling PIMutexTryLock() in pthread_mutex_lock.
Add trace for pi mutex waiting.
Bug: http://b/29177606
Test: run bionic-unit-tests.
Test: run bionic-benchmarks.
Change-Id: I30b6436692d5ea6b63ca9905df745edb843b5528
Our arm and x86 ABIs shipped with a 32-bit `sigset_t`, so we need to
use sigprocmask64 to save/restore the RT signals too. (This is important
because several are in use by the system, and the behavior of our 32-bit
`sigset_t` is to clear the RT signals.)
Bug: http://b/72493232
Test: ran tests
Change-Id: Idff91f8b2849276e5a3073d07eccd84e02a34410
This doesn't address `struct sigaction` and `sigaction`. That will
come later.
Bug: http://b/72493232
Test: ran tests
Change-Id: I4134346757ce3a4dac6feae413361cec16223386
No effect right now, because sigprocmask on LP32 also only touches
the non-RT signals, but this makes it easier to switch to __rt_sigprocmask.
Bug: http://b/72460436
Test: ran tests
Change-Id: I693f0ea36701e9ab5d10e6aefb26387ba45a6064
The main motivation here is that the sigprocmask in pthread_exit wasn't
actually blocking the real-time signals, and debuggerd (amongst other
things) is using them. I wasn't able to write a test that actually won
that race but I did write an equivalent one for posix_spawn.
This also fixes all the uses of sigset_t where the sigset_t isn't
exposed to the outside (which we can't easily fix because it would be
an ABI change).
Bug: https://issuetracker.google.com/72291624
Test: ran tests
Change-Id: Ib6eebebc5a7b0150079f1cb79593247917dcf750
This change modifies the encoding used in SHT_RELR sections to a simpler
version that gives better results. This encoding was suggested by Andrew
Grieve and is described in this post on generic-abi@googlegroups.com:
https://groups.google.com/d/msg/generic-abi/bX460iggiKg/Pi9aSwwABgAJ
Bug: None
Test: Built image for marlin, flashed on device, ran arm and
aarch64 binaries containing '.relr.dyn' sections using
the new encoding.
Change-Id: I266affe0fbad91dc375995985a221cb02499447b
Static variable initialization calls pthread_mutex_lock() and may lead to
deadlock if should_trace() is called in pthread_mutex_lock context.
Here is a stack of blocked init process:
__cxa_guard_acquire ->
should_trace ->
bionic_trace_begin ->
__pthread_mutex_lock_with_timeout ->
__cxa_guard_release ->
should_trace ->
bionic_trace_begin ->
__pthread_mutex_lock_with_timeout ->
mutex::lock ->
LogMessage::~LogMessage
......
So we need to move it out
Test: 1 Compiled and booted.
2 Reboot pressure test for more than 30000 times.
Change-Id: I8d97745161f1aa8942b63338208ea74830768ae1
Signed-off-by: Wei Li <sirius.liwei@huawei.com>
Signed-off-by: Jinguang Dong <dongjinguang@huawei.com>
The history has no motivation for <asm/termbits.h>, and other C libraries
don't seem to include any of the extra types and constants that gains us.
This caused problems building FFMPEG, which defines its own B0.
Bug: https://github.com/android-ndk/ndk/issues/630
Test: builds
Change-Id: If032b9fa7860777c13f7bd8e68fb78ff606dcd94
* Variadic functions usually cannot be inlined.
* Do not use misleading __always_inline attribute,
and also avoid early clang 7.0 compiler bug.
Bug: 72412382
Test: build and boot aosp*-eng in emulator
Change-Id: I7490976166581abc626f397ad408581ada0ed308
__exidx_start and __exidx_end are not actual values to be read, just
symbols placed before and after .ARM.exidx.
The default linker script for ARM static executables includes these
lines:
__exidx_start = .;
.ARM.exidx : { *(.ARM.exidx*) }
__exidx_end = .;
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0474c/BABEHEDA.html
Test: used __gnu_Unwind_Find_exidx in a static executable and showed
non-bogus values
Test: verified that this fixes#593 in the NDK
Bug: https://github.com/android-ndk/ndk/issues/593
Change-Id: Ib35a4b6c82920666ae8a45aa0a2d43e458699b51
These sources are going to be used for the NDK as well, and the NDK
still uses GCC.
This partially reverts commit
4af220cfef. That commit also removed
this symbol from the linker's crtbegin (it has its own). That is
still only built with Clang, so we don't need to revert that part.
Test: treehugger
Bug: None
Change-Id: Iba231baf298e228135bdf48dfed87f9089975eb1
We're going to start using the bionic sources for the NDK CRT
objects, so we need to avoid using symbols that weren't around in
early versions of Android. The NDK is currently building the CRT
objects with GCC as well (there were some segfaults that have yet to
be diagnosed), so move `__used` to the GCC compatible location.
Test: treehugger
Bug: None
Change-Id: I1f5c23eafadc2e3bc0b84bc3305f79a04d35c7d8