Commit graph

179 commits

Author SHA1 Message Date
Edgar Arriaga
128ef8e981 Add bionic headers for process_madvise
Test: atest bionic-unit-tests-static
Bug: 173258203
Change-Id: I396945b95de364055b87cc53321aed4fad4ebc70
2021-01-14 19:34:40 -08:00
Steven Moreland
0cdf132f84 Expose per-process memory init.
In order to disable memory initialization for a process, the following
command can be used:

    android_mallopt(M_DISABLE_MEMORY_MITIGATIONS, nullptr, 0);

Since this is needed in vendor processes, this is exposing this
functionality to llndk. For convenience (and adding standard logging),
a helper function is being added into libcutils in order to use this,
w/o having to get into so many details.

Bug: 166675194
Test: use function from libcutils
Change-Id: Ia816089a9f3469c50c70afaa7244abeac5a51dcd
2020-10-09 00:33:30 +00:00
Peter Collingbourne
5d3aa86cd1 Add an API for per-process disabling memory initialization.
Introduce an android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) API call
that may be used to disable zero- or pattern-init on non-MTE hardware,
or memory tagging on MTE hardware. The intent is that this function
may be called at any time, including when there are multiple threads
running.

Disabling zero- or pattern-init is quite trivial, we just need to set
a global variable to 0 via a Scudo API call (although there will be
some separate work required on the Scudo side to make this operation
thread-safe).

It is a bit more tricky to disable MTE across a process, because
the kernel does not provide an API for disabling tag checking in all
threads in a process, only per-thread. We need to send a signal to each
of the process's threads with a handler that issues the required prctl
call, and lock thread creation for the duration of the API call to
avoid races between thread enumeration and calls to pthread_create().

Bug: 135772972
Change-Id: I81ece86ace916eb6b435ab516cd431ec4b48a3bf
2020-10-08 14:02:36 -07:00
Elliott Hughes
a1e3f2c502 Expose a function to reset the stack protector for the zygote.
This is already covered by the existing test by virtue of being used for
all threads.

Bug: http://b/168258494
Test: treehugger
Change-Id: I5c872fd7f30a4c79de1d70e7702f4b12d4e94cd3
2020-09-11 08:56:58 -07:00
Vy Nguyen
d500751443 Add a thread-properties API
(Based on proposal at https://sourceware.org/glibc/wiki/ThreadPropertiesAPI)

This includes API to:
 - locate static and dynamic TLS
 - register thread-exit and  dynamic TLS creation/destruction callbacks

Change-Id: Icd9d29a5b2f47495395645e19d3b2c96826f19c8
2020-08-11 16:51:43 +00:00
Dan Albert
14dcbf89ce Add API constant for S.
Test: treehugger
Bug: http://b/152037166
Change-Id: I9039377e80574cd59e13726a12072fe3002df67d
2020-04-09 12:38:53 -07:00
Elliott Hughes
4a6899ce0c Add ffsl(3), ffsll(3).
POSIX added these GNU extensions for issue 8.

I've made these always inline without the usual "until API level X"
proviso because they're single instructions that the compiler can inline
and there's really no point providing these if they add function call
overhead --- everyone should just use __builtin_ffs() and friends
instead in that case.

Bug: https://austingroupbugs.net/view.php?id=617
Test: treehugger
Change-Id: I33fc4b8648ea25917329e81c1b4c60eb9a66d667
2020-03-26 11:43:05 -07:00
Elliott Hughes
733cedd1c4 Add a libc wrapper for statx(2).
Bug: http://b/127675384
Bug: http://b/146676114
Test: treehugger
Change-Id: I844edc12f62717e579870a040cf03dfe60dc280b
2020-02-23 11:36:53 -08:00
Elliott Hughes
56a9fda610 Remove dead code.
We haven't built any of this for years.

Test: treehugger
Change-Id: I3f8a85e9530af68587f47931d850eb60631a9481
2020-02-13 22:25:02 -08:00
Peter Collingbourne
5f45c18a7f Add an android_unsafe_frame_pointer_chase function.
This function will be used by Scudo and GWP-ASan to efficiently collect
stack traces for frames built with frame pointers.

Bug: 135634846
Bug: 135772972
Change-Id: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
Merged-In: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
2020-02-03 10:30:45 -08:00
Josh Gao
7596250722 Move fdtrack APIs to LLNDK.
Test: logcat -c; fdtrack_test; logcat -d
Change-Id: Ib6f75a7c8bbc4d6efa0708dcbbfe4ad3c0641022
2020-01-30 13:55:10 -08:00
Josh Gao
97271920bf Add a tool to track down fd leaks.
Add a hook that's called upon file descriptor creation to libc, and a
library that uses it to capture backtraces for file descriptor creation,
to make it easier to hunt down file descriptor leaks.

Currently, this doesn't capture all of the ways of creating a file
descriptor, but completeness isn't required for this to be useful as
long as leaked file descriptors are created with a function that is
tracked. The primary unhandled case is binder, which receives file
descriptors as a payload in a not-trivially-parsable byte blob, but
there's a chance that the leak we're currently trying to track down
isn't of a file descriptor received over binder, so leave that for
later.

Bug: http://b/140703823
Test: manual
Change-Id: I308a14c2e234cdba4207157b634ab6b8bc539dd9
(cherry picked from commit b7eccd4b15)
2020-01-30 13:55:10 -08:00
Peter Collingbourne
39d9156bdc Merge "Export the unwinder implementation from libc." 2020-01-21 21:28:44 +00:00
Peter Collingbourne
f2b1e03606 Export the unwinder implementation from libc.
This supports the soong commit which causes most platform binaries to stop
statically linking against the unwinder implementation. The soong commit
message has more motivation for this change.

ARM32 uses LLVM libunwind, while all other platforms use libgcc as the
unwinder implementation. This matches the current choices of unwinders on
the various architectures, but means that apps which were directly linking
against the libc.so unwinder symbols on ARM32 are now using LLVM libunwind
instead of libgcc.

Set libc_headers sdk_version to 1 so that libunwind_llvm can depend on it,
and stop statically linking libunwind into libc_malloc_debug.

Bug: 144430859
Change-Id: I52c7f7893d93f500383aeb0b76086c3b6f1935a5
2020-01-10 19:07:59 -08:00
Logan Chien
aaffa3c6d4 versioner: Update libc.map.txt to match annotations
This commit removes several symbol versions (API 14 and 15) from
`libc.map.txt` because we no longer support NDK with those API levels.
This also matches the versioner annotations in the header files.

This commit also annotates twalk() with __INTRODUCED_IN(21).  It was
accidentally removed in aosp/1157510.

Test: source development/vndk/tools/header-checker/android/envsetup.sh && \
      source build/envsetup.sh && \
      lunch aosp_arm64-userdebug && \
      m versioner && \
      ./bionic/tools/versioner/run_tests.py
Change-Id: I211fe5b7b1b66793d5e76a8676f9d18825f96b5e
2019-12-23 07:13:33 -08:00
Peter Collingbourne
73166c8bfb Stop exporting certain deprecated unwinder symbols from libc.so and libm.so.
We have data that indicates that we no longer need to export the libgcc
unwinder's implementation detail symbols from libc.so, as well as the entire
unwinder interface from libm.so, so stop exporting them.

Bug: 144430859
Change-Id: Iebb591c4a121abe6368d9854ec96819abe70a006
2019-11-15 15:59:58 -08:00
Jiyong Park
a4fe44e339 Rename # vndk tag to # llndk
The APIs that are tagged with # vndk are actually for LLNDK libraries.
Although LLNDK is part of VNDK, calling those APIs 'vndk' has given
users a wrong perception that the APIs don't need to be kept stable
because that's the norm for most of the VNDK libraries that are not
LLNDK.

In order to eliminate the misunderstanding, rename the tag to 'llndk' so
that people introducing new such API will realize what they are signing
themselves up for.

Bug: 143765505
Test: m
Merged-In: I56e49876410bd43723a80d0204a9aef21d20fca9
(cherry picked from commit 3e2cd44aa4)
Change-Id: I56e49876410bd43723a80d0204a9aef21d20fca9
2019-11-13 14:31:26 +09:00
George Burgess IV
23e6f0a900 libc: remove now-unused FORTIFY functions
As of I2037548cc2061e46c379931588194c21dfe234b4, these are no longer
used. Since they're new in R, we can remove them instead of keeping
backwards compat 'forever'. Take that opportunity now.

Bug: 141267932
Test: TreeHugger
Change-Id: I13f94cdcff6e75ad19b964be76445f113f79559b
2019-10-07 19:09:38 -07:00
Elliott Hughes
3d24d2b088 Add memfd_create(2) and mlock2(2).
These are old enough now that the latest devices will have kernels that
support them.

Also add basic doc comments to <sys/mman.h>.

Test: treehugger
Change-Id: I1b5ff5db0b6270f5c374287cac1d6a751a0259f5
2019-08-05 16:31:08 -07:00
Elliott Hughes
05b675e8bf Add renameat2.
Bug: http://b/127675384
Test: new tests
Change-Id: Ia2e3d5679180391ca98e62fa429fa11cbf167507
2019-08-02 09:09:59 -07:00
Ryan Prichard
30feb645f9 Enable traditional TLS accesses on arm64
Handle generic DTPMOD/DTPREL relocations on arm64. Expose __tls_get_addr.

Bug: http://b/123385182
Test: manual -- compile code using arm64 gcc -mtls-dialect=trad
Change-Id: I99d2faae35d1ebffc1be8de50b4a1f5e21b14348
2019-07-30 20:55:54 -07:00
Tom Cherry
69010802d0 Implement new clock wait functions
pthread_cond_clockwait
pthread_mutex_clocklock
pthread_rwlock_clockrdlock
pthread_rwlock_clockwrlock
sem_clockwait

Bug: 35756266
Test: new unit tests
Change-Id: I71bd25eeec6476134b368d5bdf2f729d0bba595e
2019-07-15 09:06:19 -07:00
George Burgess IV
849c0b9f51 fortify: add __mempcpy_chk
Bug: 131861088
Test: mma + bionic-unit-tests on blueline
Change-Id: I02f8f87d5db0ba5fecec410da32f6ffa2c98ef57
2019-06-13 23:29:37 -07:00
George Burgess IV
2356c93d39 fortify: add bit checking for open(at)?64 functions
This also adds _2-variants for these functions, for extra glorious
checking

Bug: 131861088
Test: mma
Change-Id: I80475ff4bb220c0c47894e9532426f53412f176f
2019-06-13 23:26:02 -07:00
Elliott Hughes
738a6c92e5 <arpa/nameser.h>: fix INTRODUCED_IN API level.
Historical research (see bug) suggests that these functions were all in
22. The map file believed this with one (presumably typoed) exception,
but the header file didn't match the map file. It looks like the map was
correct (modulo the one typo), so fix up all the disagreement.

Bug: http://b/113618851
Test: treehugger
Change-Id: Ia579f4e6163206abfac79aa54dc98c792f00ee86
2019-06-06 09:57:54 -07:00
Colin Cross
b9667b51a8 Export some symbols for vendor libmemunreachable
Add the malloc symbols used by libmemunreachable to the VNDK, and
make libc_malloc_debug_backtrace vendor_available.

Bug: 132302484
Test: m checkbuild
Change-Id: Ide555195afa084c13eaeaf0eab6ff90787b5f2d0
2019-05-17 14:26:31 -07:00
Christopher Ferris
23c056dbcb Add removed platform functions used by apps.
Added get_malloc_leak_info and free_malloc_leak_info for arm 32 bit
only so that the kindle app will continue to run.

Bug: 132175052

Test: Ran kindle app, read pdf file. Verified libKindleReaderJNI.so
Test: is loaded in memory properly.
Change-Id: Ib1ea3a37b3729f9bcc2739c5f3a584ea8f66d200
Merged-In: Ib1ea3a37b3729f9bcc2739c5f3a584ea8f66d200
(cherry picked from commit 235f35a266)
2019-05-08 15:43:25 -07:00
Elliott Hughes
8c3140a612 Merge "threads.h: Add C11 thread support." 2019-04-24 20:33:08 +00:00
Elliott Hughes
4206711352 threads.h: Add C11 thread support.
FreeBSD, glibc, and musl have all implemented C11 threads at this
point. POSIX is looking at how to align with it. Probably time to jump
on the bandwagon ourselves...

Implemented in the same style as <termios.h> so we can provide this
functionality even on older API levels. This does mean that this is
strictly more expensive than calling pthread functions directly.

Although this isn't in POSIX yet, assume that it's going to be basically
the same as C11 and add the header test anyway. We should revisit this
when POSIX actually adds <threads.h>.

Test: new tests
Change-Id: I8602d67ce71ca7f8ed1529daa0a8ea1feb083dd6
2019-04-24 09:12:29 -07:00
Christopher Ferris
30659fd243 Move all leak info functions to android_mallopt.
Bug: 130028357

Test: malloc_hooks unit tests.
Test: Enable backtrace for mediaserver, run dumpsys media.player -m
Test: Enable backtrace for calendar, run am dumpheap -n <PID> <FILE>
Change-Id: I6774e28ccd9b3f2310127a5b39ccd15fe696a787
Merged-In: I6774e28ccd9b3f2310127a5b39ccd15fe696a787
(cherry picked from commit 3aadc5e80a)
2019-04-19 11:27:02 -07:00
Christopher Ferris
8189e77bbb Remove gMallocLeakZygoteChild.
Remove this global variable and change the setting of it to non-zero
to a call to android_mallopt.

In addition, change the initialize function to use pass a bool* instead of
int*.

Bug: 130028357

Test: Ran malloc_debug/malloc_hooks/perfetto tests.
Change-Id: I20d382bdeaaf38aac6b9dcabea5b3dfab3c945f6
Merged-In: I20d382bdeaaf38aac6b9dcabea5b3dfab3c945f6
(cherry picked from commit 5225b342f0)
2019-04-16 11:22:06 -07:00
Christopher Ferris
1fc5ccfe76 Add a platform API for setting an allocation limit.
Introduce an M_SET_ALLOCATION_LIMIT enumerator for android_mallopt(),
which can be used to set an upper bound on the total size of all
allocations made using the memory allocation APIs.

This is useful for programs such as audioextractor and mediaserver
which need to set such a limit as a security mitigation. Currently
these programs are using setrlimit(RLIMIT_AS) which isn't exactly
what these programs want to control. RLIMIT_AS is also problematic
under sanitizers which allocate large amounts of address space as
shadow memory, and is especially problematic under shadow call stack,
which requires 16MB of address space per thread.

Add new unit tests for bionic.

Add new unit tests for malloc debug that verify that when the limit
is enabled, malloc debug still functions for nearly every allocation
function.

Bug: 118642754
Test: Ran bionic-unit-tests/bionic-unit-tests-static.
Test: Ran malloc debug tests and perfetto integration tests.
Change-Id: I735403c4d2c87f00fb2cdef81d00af0af446b2bb
2019-03-15 10:54:55 -07:00
Yi Kong
e3d90de50b Switch libm to libcrt.builtins
After switching libm from libgcc to libcrt.builtins, some of the symbols
are no longer getting included in libm, causing the compiler to complain
about missing symbols from the version script. Explicitly export them in
libc (since libm depends on libc).

Bug: 122993571
Test: m checkbuild
Test: bionic-unit-tests
Change-Id: Ie91765874d20df605f557b1a8c4236619553c549
2019-02-22 13:33:15 -08:00
Yi Kong
165b1cf57b Switch libc to libcrt.builtins
With the switch to libcrt.builtins, some symbols no longer becomes
exported. Add dummy references to them to force them to be exported.
This is to maintain backwards binary compatibility with ancient Android
versions.

x86 and x86_64 crashes with libcrt, keep using libgcc for now.

Test: bionic-unit-tests
Bug: 29275768
Bug: 122993569
Change-Id: Ieab5af354e3924af4a03d888b28c6e75090cb613
2019-02-15 12:46:19 -08:00
Ryan Prichard
16455b5100 Implement dynamic TLS accesses and allocation
Initialize a thread's DTV to an empty zeroed DTV. Allocate the DTV and
any ELF module's TLS segment on-demand in __tls_get_addr. Use a generation
counter, incremented in the linker, to signal when threads should
update/reallocate their DTV objects.

A generation count of 0 always indicates the constant zero DTV.

Once a DTV is allocated, it isn't freed until the thread exits, because
a signal handler could interrupt the fast path of __tls_get_addr between
accessing the DTV slot and reading a field of the DTV. Bionic keeps a
linked list of DTV objects so it can free them at thread-exit.

Dynamic TLS memory is allocated using a BionicAllocator instance in
libc_shared_globals. For async-signal safety, access to the
linker/libc-shared state is protected by first blocking signals, then by
acquiring the reader-writer lock, TlsModules::rwlock. A write lock is
needed to allocate or free memory.

In pthread_exit, unconditionally block signals before freeing dynamic
TLS memory or freeing the shadow call stack.

ndk_cruft.cpp: Avoid including pthread_internal.h inside an extern "C".
(The header now includes a C++ template that doesn't compile inside
extern "C".)

Bug: http://b/78026329
Bug: http://b/123094171
Test: bionic unit tests
Change-Id: I3c9b12921c9e68b33dcc1d1dd276bff364eff5d7
2019-01-25 17:53:01 -08:00
Ryan Savitski
ecc37e3877 conditional zygote child heap profiling + android_internal_mallopt
On user builds, heapprofd should only be allowed to profile apps that
are either debuggable, or profileable (according to the manifest). This
change exposes extra zygote-specific knowledge to bionic, and makes the
dedicated signal handler check for the special case of being in a zygote child.

With this & the corresponding framework change, we should now be
handling the 4 combinations of:
  {java, native} x {profile_at_runtime, profile_at_startup}.

See internal go/heapprofd-java-trigger for further context.

Test: on-device unit tests (shared & static) on blueline-userdebug.
Test: flashed blueline-userdebug, confirmed that java profiling activates from startup and at runtime.
Bug: 120409382
Change-Id: Ic251afeca4324dc650ac1d4f46976b526eae692a
(cherry picked from commit 998792e2b6)
Merged-In: Ic251afeca4324dc650ac1d4f46976b526eae692a
2019-01-23 18:30:54 +00:00
Jiyong Park
606191fd61 Revert "Expose more symbols temporarily"
This reverts commit 220f51e566.

The internal modules that were using extra symbols are all fixed.

Bug: 120266448
Test: m ndk_translation_all in cf_x86_phone
Change-Id: I561b16de1c320d2624e7cf8e6211e0c70edc823d
2019-01-17 04:04:42 +09:00
Treehugger Robot
98564b8c74 Merge changes from topic "move_bionic_to_apex"
* changes:
  Expose more symbols temporarily
  Add stubs variants for bionic libs
2019-01-11 16:59:15 +00:00
Ryan Prichard
45024fefe7 Add ARM EABI function __aeabi_read_tp
By default, Clang uses this arm32 function to read the thread pointer,
either for ELF TLS or via __builtin_thread_pointer(). It's probably better
to inline the cp15 access using -mtp=cp15, but that's not the default yet.

See https://reviews.llvm.org/D34878?id=114573.

Bug: http://b/78026329
Test: bionic unit tests
Change-Id: I93b8926075f0b2cea8df9ef518d54f2820a8ff5b
2019-01-07 20:30:35 -08:00
Jiyong Park
220f51e566 Expose more symbols temporarily
Following additional symbols are temporarily exposed from the runtime APEX
to satisfy the dependencies from other non-AOSP modules. This will be
reverted when the modules are built with the boostrap bionic libraries.

Bug: 120266448
Test: m
Change-Id: I39ac40a40545723ea2aeb185b9cd293d511f802f
2019-01-04 22:29:36 +09:00
Jiyong Park
c45fe9f7bd Add stubs variants for bionic libs
Bionic libs are part of the runtime APEX (com.android.runtime). In order
to be able to update the runtime APEX independetly from the platform, we
have to prevent things outside of the APEX from using bionic symbols
that are not guaranteed to be stable. Otherwise, platform could break
when a symbol is removed from the libs via the APEX update.

To achive this goal, this change adds stubs variant to the bionic libs.
With this, things outside of the runtime APEX (i.e. other APEXes and the
platform) are built with the stubs variants that provide only the
symbols that are guaranteed to be stable.

The set of symbols are basically the same as the symbols available to
NDK clients. However, there are a few additional symbols that are not
available for NDK but should be made available for platform components.
They are marked with "# apex" tag. Symbols with that tag are not exposed
to apps (via NDK stubs) or vendors (via LLNDK stubs).

Note that the stubs is a build-time only artifact. It is used just to
break the build when private symbols are used outside of the runtime
APEX. At runtime, the real library in the APEX is used.

Bug: 120266448
Test: m
Test: m bionic-unit-tests
Change-Id: I7b8d75830c81d7d7d54e2fca21a85b3417531b47
2019-01-04 22:29:36 +09:00
Elliott Hughes
d19b3c5274 Generate the per-arch .map files at build time.
We shouldn't be checking in these generated files...

Bug: N/A
Test: ran tests
Change-Id: Ib67c1ba839eacd7acebd713e1dcd4dd2c25d67f0
2018-12-17 12:26:42 -08:00
Elliott Hughes
2d0b28bc0d Add getloadavg(3).
Lets us build ninja with bionic.

Bug: N/A
Test: ran tests
Change-Id: I97eef1247d794b58a2b9aee4851551632e5a4e48
2018-10-23 11:23:00 -07:00
Elliott Hughes
b177085ce7 Add reallocarray(3).
Originally a BSD extension, now in glibc too. We've used it internally
for a while.

(cherry-pick of e4b13f7e3ca68edfcc5faedc5e7d4e13c4e8edb9.)

Bug: http://b/112163459
Test: ran tests
Change-Id: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
Merged-In: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
2018-09-26 14:24:18 -07:00
Elliott Hughes
ce934e3d9b Add android_get_device_api_level.
Bug: http://b/113615412
Test: ran tests
Change-Id: I0a7ae336c96c9ed6543b6935cbc242d14d4a4a67
2018-09-06 14:19:46 -07:00
Josh Gao
726b63f725 Implement pthread_sigqueue.
Bug: http://b/112770187
Test: bionic-unit-tests
Change-Id: I03382cd5df2490b2e87265dba9007e2cb1b14cd2
2018-08-27 16:48:17 -07:00
Josh Gao
b6b3a1d4f9 fdsan: expose functions to get and interpret tags.
Make it easier to write tests in users of fdsan by exposing functions
to allow users to get and interpret the tags.

Test: bionic_unit_tests
Change-Id: Iafa9bcaeb5e4db230f3dfec6f483274f34602694
2018-08-23 23:10:52 -07:00
Josh Gao
e16082f717 fdsan: expose the address of the table to the platform.
Let the debuggerd handler get the address of the fdsan table so that
crash_dump can parse it and print it out in tombstones.

Test: debuggerd `pidof adbd`
Change-Id: I2297200cae52d0ff24479dba55d1ab4938583501
2018-08-06 18:48:52 -07:00
Ryan Prichard
6fdfd92e56 Use LIBC_Q for LIBC_PRIVATE / LIBC_PLATFORM
Bug: none
Test: run bionic unit tests
Change-Id: I59794597db9cbd23c917498e5e82296a379c8fb5
2018-07-31 00:17:02 -07:00
Josh Gao
f6e5b58260 Introduce api to track fd ownership in libc.
Add two functions to allow objects that own a file descriptor to
enforce that only they can close their file descriptor.

Use them in FILE* and DIR*.

Bug: http://b/110100358
Test: bionic_unit_tests
Test: aosp/master boots without errors
Test: treehugger
Change-Id: Iecd6e8b26c62217271e0822dc3d2d7888b091a45
2018-07-19 14:28:54 -07:00