We need to be able to store build fingerprints that are over 92 characters
long, which is the current restriction for system property value
length.
Increasing the value maximum across the board has plenty of caveats,
particularly that an allocator would be required to handle
deallocation when replacing long property values with short values.
There is also no compelling reasons to do this.
But, increasing the length of simply read-only properties, such as the
build fingerprint, has less caveats as there will never be a
deallocation of these strings.
This change uses spare bits in the top of serial (only spare for
read-only properties) to indicate if a property is 'long' or not. The
information required to access these 'long' properties is stored in a
union where the legacy property value is located. An error message is
retained for legacy callers.
The new property is readable via __system_property_read_callback() and
most importantly android::base::GetProperty and higher level (Java,
`getprop`) callers. All code should move to these higher level
functions as much as possible.
Bug: 23102347
Bug: 34954705
Test: bionic unit tests
Change-Id: Ia85e0d979b92afff601cc52b39114379617a0c64
While this was never an inline, this function alone has caused most of
the bug reports related to _FILE_OFFSET_BITS=64. Providing an inline
for it should allow a lot more code to build with _FILE_OFFSET_BITS=64
when targeting pre-L.
Test: make checkbuild
Test: built trivial cc_binary for LP32 against API 14 with
_FILE_OFFSET_BITS=64 set
Bug: lots
Change-Id: I8479d34af4da358c11423bee43d45b59e9d4143e
On aarch64/x86/x86_64 add a macro that inserts a cfi directive that will
stop unwinding.
For arm, clang doesn't allow emitting .cantunwind, so add a comment and
leave it the same as it current is.
Add this macro to __libc_init and __start_thread.
Also, remove duplicate compilation of libc_init_static.cpp that already
includes the static library that includes that file.
Bug: 15469122
Test: Did unwinds using new unwinder tool (unwind) and debuggerd -b
Test: and verified new unwinder works on aarch64/x86/x86_64.
Test: Verified that it works on old unwinder for aarch64/x86, but
Test: x86_64 doesn't work properly, but as well as before.
Change-Id: I77302e8f6c7ba1549d98a4a164106ee82c9ecadc
The newest of these clocks was added in Linux 2.6.12, so no need for runtime
checks.
Add CTS tests that we can actually use the various clocks.
Bug: http://b/67458266
Test: ran tests
Change-Id: I3cfd7982043d6f8d4ebdc2b29e8722334f443ce5
Return EAGAIN rather than aborting if we fail to set up the TLS for a new
thread.
Add a test that uses all the VMAs so we can properly test these edge cases.
Add an explicit test for pthread_attr_setdetachstate, which we use in the
previous test, but other than that has no tests.
Remove support for ro.logd.timestamp/persist.logd.timestamp, which doesn't
seem to be used, and which prevents us from logging failures in cases where
mmap fails (because we need to mmap in the system property implementation).
Bug: http://b/65608572
Test: ran tests
Change-Id: I9009f06546e1c2cc55eff996d08b55eff3482343
This also fixes a long-standing bug where the guard region would be taken
out of the stack itself, rather than being -- as POSIX demands -- additional
space after the stack. Historically a 128KiB stack with a 256KiB guard would
have given you an immediate crash.
Bug: http://b/38413813
Test: builds, boots
Change-Id: Idd12a3899be1d92fea3d3e0fa6882ca2216bd79c
(Where errno is relevant.)
Also consistently use -1 as the fd for anonymous mmaps. (It doesn't matter,
but it's more common, and potentially more intention-revealing.)
Bug: http://b/65608572
Test: ran tests
Change-Id: Ie9a207632d8242f42086ba3ca862519014c3c102
We can cut a lot of stuff out of the NDK's libandroid_support with this,
and reduce unnecessary relocations for all LP32 code. LP64 code should
be unaffected.
Bug: https://issuetracker.google.com/64450768
Bug: https://github.com/android-ndk/ndk/issues/507
Test: ran tests, plus manual readelf on the _test.o files
Change-Id: I3de6015921195304ea9c829ef31665cd34664066
For treble enabled devices, still return the appropriate shell depending
on whether the process is a vendor process or a system one.
Test: Manual testing: on a bullhead device, ran test programs from
/vendor/bin which used popen() and system(). The calls succeeded.
Bug: 65054230
Bug: 64516799
Merged-In: I15dfdbb107cfca7c0f92f337c9bb46b9876eb38e
Change-Id: I15dfdbb107cfca7c0f92f337c9bb46b9876eb38e
(cherry picked from commit 1e52871773)
I'm unable to find a bug, but we've had requests for this internally
once or twice (though I pointed those folks at the STL), and there's
code we build for the host or in our bootloaders that would use this,
and there's reasonable-looking FreeBSD implementation ready and waiting.
Bug: N/A
Test: ran tests
Change-Id: I6ddee4b71bea4c22ed015debd31d3eaac4fcdd35
On LP32 mem_unit will be 4096 to allow more than 4GiB in the "ulong"
fields, but we need to promote to a 64-bit type before we multiply.
Bug: N/A
Test: tested manually with an x86 static binary on my 64GiB desktop.
Signed-off-by: YiPing Xu <xuyiping@hisilicon.com>
Change-Id: Id663932503b75793bb7c26a008129f3e2e4cccbf
This used to be used by the ARM longjmp implementation, but hasn't been in
libc.so for as long as we've used a linker script.
Bug: N/A
Test: builds
Change-Id: I3dff4d154d5e317955c349c9eaa08b982cbf0285
libc++ actually provides overloads for all the standard C library stuff,
so we just need to handle the POSIX and GNU extensions, of which there
are just two more: memrchr and strcasestr.
Bug: http://b/22768375
Test: builds
Change-Id: Ie9ed1fbcc794e14a0c9bba13b5307ad677949613
Library calls like system() and popen() invoke the shell executable
pointed to by '_PATH_BSHELL' in order to run the command passed into the
function. The _PATH_BSHELL points to /system/bin/sh by default and thus
breaks any vendor process trying to use system() / popen(), as they are
denied access to system shell by selinux.
This CL make necessary changes, so the implmentations of system() and popen()
can use the appropriate shell (e.g. /vendor/bin/sh for processes running
out of /vendor partition). Also, changes the implementation of system()
and popen().
Bug: 64832610
Test: Manual, Using a test program running from /system/bin and
/vendor/bin to ensure correct shell is being used.
Change-Id: Ie7168d69decb1ae98284446ae7db34dec930dc33
Merged-In: Ie7168d69decb1ae98284446ae7db34dec930dc33
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit aa3e32422c)
pthread's and semaphore's default behavior is to use CLOCK_REALTIME,
however this behavior is essentially never intended, as that clock is
prone to change discontinuously.
What users really intend is to use CLOCK_MONOTONIC, however only
pthread_cond_timedwait() provides this as an option and even there, a
large amount of existing code does not opt into CLOCK_MONOTONIC.
We have seen numerous bugs directly attributable to this difference.
Therefore, we provide this general workaround to always use
CLOCK_MONOTONIC for waiting, regardless of what the input timespec
is.
Specifically this impacts the below APIs:
pthread_mutex_timedlock()
pthread_cond_timedwait()
pthread_rwlock_timedrdlock()
pthread_rwlock_timedwrlock()
sem_timedwait()
Test: boot bullhead, boot sailfish
Test: bionic pthread/semaphore unit tests
Test: check that pthread_cond_timedwait() timeouts are uneffected by
CLOCK_REALTIME time changes
Bug: 64694413
Bug: 64623895
Bug: 35756266
Bug: 35678943
Change-Id: Ibba98f5d88be1c306d14e9b9366302ecbef6d534
Strictly, the mode isn't really meaningful unless you supply O_EXCL,
but the kernel will take it and fstat will return it even if you
never give the file a name.
Also warn for O_TMPFILE without a mode at compile time where possible.
Bug: N/A
Test: ran tests
Change-Id: I729b6d6e6190676fd017a1190b6200bf9abdbfd8
This also has a handful of style fixups, to make this file more
consistent. And removes __bionic_zero_size_is_okay_t, since there's a
better workaround available.
Bug: 12231437
Test: m checkbuild on bionic internal master; CtsBionicTestCases show
no new failures.
Change-Id: I75a020630dbab0ce828563502900cba14ae992d1
We've never really used __restrict: only <string.h> and <stdio.h> (which
are still very similar to upstream BSD headers) consistently have these
annotations. Neither clang nor GCC warns for trivial cases, and there's
little obvious documentation benefit.
Bug: http://b/30833514
Test: builds
Change-Id: I3e4384281865475d0c55d764b546d8166419ee31
This addresses post-commit feedback from
I88c39ca166bacde0b692aa3063e743bb046a5d2f. With this, our FORTIFY impl
now sits in one file.
Bug: 12231437
Test: mma; no new CtsBionicTestCases failures on bullhead internal
master.
Change-Id: I6f9ff81c3e86cf9d6a0efa650eb5765f1e2fa09c
As requested in the bug. This also rips __memcpy_chk out of memcpy.S,
which lets us cut down on copypasta (all of the implementations look
identical).
Bug: 12231437
Test: mma on aosp_{arm,arm64,mips,x86,x86_64} internal master;
checkbuild on bullhead internal master; CtsBionicTestCases on bullhead.
No new failures.
Change-Id: I88c39ca166bacde0b692aa3063e743bb046a5d2f
AFAICT, all of these were added prior to the new-style FORTIFY going
in. Because clang saw two definitions of the "same" function, it got
upset. (e.g. 35d937e4eb)
Now that our FORTIFY functions are overloads of their library functions,
these undefs can be removed.
(This is a step toward making FORTIFY a library with -U_FORTIFY_SOURCE
on it, as requested in the bug.)
Bug: 12231437
Test: CtsBionicUnitTests. No new failures.
Change-Id: I844ff77106ee2bea72ae1cd0bb85d146939ecd05
...by inlining them.
Also fix a couple of harmless bugs in passing. I've added tests, but in
both cases I don't think it was actually possible to hit the bad behavior:
we'd hit another test and fail immediately after in an externally
indistinguishable way.
Bug: N/A
Test: readelf
Change-Id: I8466050b0bfe2b7b94c76b383cf10c1d9d28debd
We don't need these in libandroid_support, but we do need the other
parts of wchar.cpp, and they're not really related.
Test: make checkbuild
Bug: None
Change-Id: I40f3089b034abfd4873e81c0b6216a7cfd977d8d
libandroid_support shouldn't be using Bionic's TLS slot. Add a
thread_local based implementation. We can't use the thread_local
implementation in bionic because the linker needs this and pthread
thread-locals (which is how thread_local is implemented) doesn't work
that early.
Test: make checkbuild
Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Bug: https://github.com/android-ndk/ndk/issues/300
Change-Id: I7dcbf554ade2264d541d722fa3f86df04926e67a
Upstream's killpg is diverging further from glibc behavior, so let's just fork.
Bug: N/A
Test: ran tests
Change-Id: I70a3543018bc0a5c0bbf019ac527043b90568fda
Before this change we have the old NDK inline termios functions with the
modern constants. Unfortunately the old NDK inline functions relied on
hacking the constants. Fix things by sharing the implementation between
the platform and the NDK headers.
Bug: https://github.com/android-ndk/ndk/issues/441
Test: ran tests
Change-Id: I2773634059530bc954167f29c4783413a2294d5a
Warnings:
bionic/libc/bionic/fts.c:722:5: warning: Null passed to a callee that
requires a non-null 1st parameter
bionic/libc/bionic/sched_cpualloc.c:34:25: warning: Result of 'malloc'
is converted to a pointer of type 'cpu_set_t', which is incompatible
with sizeof operand type 'unsigned long'
bionic/linker/linker_main.cpp:315:7: warning: Access to field 'e_type'
results in a dereference of a null pointer (loaded from variable
'elf_hdr')
bionic/linker/linker_main.cpp:493:66: warning: Access to field 'e_phoff'
results in a dereference of a null pointer (loaded from variable
'elf_hdr')
bionic/linker/linker_main.cpp:90:14: warning: Access to field 'next'
results in a dereference of a null pointer (loaded from variable 'prev')
Bug: None
Test: mma; analyzer warnings are gone. CtsBionicTestCases pass.
Change-Id: I699a60c2c6f64c50b9ea06848a680c98a8abb44a
__libc_preinit sets up the stack protector global cookie value, and thus
cannot intialize a stack protector cookie for itself in the function
prologue. LTO compilation can inline functions requiring a stack
protector into __libc_preinit. This patch disables stack protection for
__libc_preinit and forces all potentially inlined functions into a
helper that can have a stack protector.
Test: run bionic-unit-tests
Change-Id: I45911611190f216c91eb6feff722967214c5f99f
With this, stack frame 0 is the abort, not tgkill.
arm:
#00 pc 0001a41c /system/lib/libc.so (abort+63)
arm64:
#00 pc 000000000001d75c /system/lib64/libc.so (abort+120)
Also "include what you use" for <sys/syscall.h>.
Bug: N/A
Test: ran `crasher abort` and `crasher64 abort`
Change-Id: I6517ac67b39b4133e890d52efc115071c812958b
No other C library expose these, and I couldn't find any callers.
Bug: http://b/62531921
Test: builds
Change-Id: I4a3505bc0897286a4036c48066b98d16665b573a
This breaks code that declares `errno` itself for whatever crazy reason:
b.c:22:12: error: conflicting types for '__errno'
extern int errno;
^
/usr/local/google/ndkports/toolchain/bin/../sysroot/usr/include/errno.h:47:20: note: expanded from macro 'errno'
#define errno (*__errno())
^
/usr/local/google/ndkports/toolchain/bin/../sysroot/usr/include/errno.h:44:15: note: previous declaration is here
volatile int* __errno(void) __attribute_const__;
^
Bug: N/A
Test: built various bits of GNU source
Change-Id: I27c03bf3bde419a001f98f1ea6c267c847f31271
File libc/SYSCALLS.TXT is updated to generate bionic's system call wrappers
for clock_gettime() & gettimeofday() that will be called if kernel vdso
implementations fail to execute.
The system call wrappers are generated using a python script gensyscalls.py.
Since all architectures support vdso now, there is no more need for conditional
statements regarding supported architectures in libc/bionic/vdso.cpp &
libc/private/bionic_vdso.h files.
Test: builds
Change-Id: I7213f29c179a7929851499d78a72900638ae861a
Signed-off-by: Goran Ferenc <goran.ferenc@imgtec.com>
/vendor is not mounted in recovery and so the property initialization
must not fail if the vendor property context is not found.
Bug: 38212419
Test: boot into recovery, mount system and run adb shell getprop
Change-Id: I9f7c2fe2b20da86194eff8e7bf94b2352e50bf27
Signed-off-by: Sandeep Patil <sspatil@google.com>
Add the mallopt function, and only a single option so far.
Bug: 36401135
Test: Built and booted bullhead.
Test: Ran jemalloc unit tests.
Test: Ran bionic unit tests.
Test: Ran a test that allocated and free'd a large piece of memory,
Test: and verified that after changing the parameter, the PSS
Test: sticks around (decay timer set to 1), the PSS is purged (decay
Test: timer set to 0).
Change-Id: I6927929b0c539c1023d34772d9e26bb6a8a45877
__isthreaded is annoying for ARC++ and useless for everyone. Just hard-code
the value in ndk_cruft for LP32 and be done with it.
Bug: N/A
Test: builds
Change-Id: I08f11a404bbec55ed57cb1e18b5116163c7d7d13
Switch raise to using tgkill with direct syscalls of getpid/gettid,
and switch abort to use raise(SIGABRT).
Bug: http://b/37769298
Test: debuggerd_test
Change-Id: If6f9d17fd8ae6177e742dc9f2f44bd78539431ba
(cherry picked from commit bf2af69fb2)
Switch raise to using tgkill with direct syscalls of getpid/gettid,
and switch abort to use raise(SIGABRT).
Bug: http://b/37769298
Test: debuggerd_test
Change-Id: If6f9d17fd8ae6177e742dc9f2f44bd78539431ba
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
Netflix was using this, and looking the header file, although
__system_property_find_nth has been available since the beginning of time,
__system_property_foreach only appeared in 16. So anyone who wants to run
on pre-JellyBean devices would want to use __system_property_find_nth.
It's pretty much a one-liner in terms of __system_property_foreach anyway,
so it doesn't cost us anything to keep it.
Also restore slightly better tests than we originally removed.
Bug: http://b/36566667
Test: ran tests
(cherry picked from commit 438e01940b)
Change-Id: I639f2142ad4ba049b990b13ccccd255be4b4f479
Netflix was using this, and looking the header file, although
__system_property_find_nth has been available since the beginning of time,
__system_property_foreach only appeared in 16. So anyone who wants to run
on pre-JellyBean devices would want to use __system_property_find_nth.
It's pretty much a one-liner in terms of __system_property_foreach anyway,
so it doesn't cost us anything to keep it.
Also restore slightly better tests than we originally removed.
Bug: http://b/36566667
Test: ran tests
Change-Id: Id268c2c2e848da17bb0a5a5420af234d9dcb829a
This is the last bionic caller that was manually trying to cache
property values.
Bug: N/A
Test: builds and boots
Change-Id: Id66c0a05d8448f08c39dbf7189241e75615d44b4
We're currently reporting errno from the clean up call to close(),
which is much less interesting than the failing connect() call that
precedes it. This change reports errno from the connect() call
instead.
Bug: 36249702
Test: Boot bullhead, bionic unit tests
Test: Fake bad end point and see relevant error returned
Change-Id: Icadec463f50cd0a2a2faa08f049a7996cd32786f
User code on a non-treble device was starting with errno == ENOENT rather
than 0 because of this treble support:
openat(AT_FDCWD, "/property_contexts", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
faccessat(AT_FDCWD, "/system/etc/selinux/plat_property_contexts", R_OK) = -1 ENOENT (No such file or directory)
This caused us to fail some toybox tests by reporting bogus errno values
where errno should have been left unset:
PASS: date -d @0
FAIL: date -d @0x123
echo -ne '' | TZ=UTC date -d @0x123 2>&1
--- expected
+++ actual
@@ -1 +1 @@
-date: bad date '@0x123'
+date: bad date '@0x123': No such file or directory
PASS: date -d 06021234
PASS: date -d 060212341982
FAIL: date -d 123
echo -ne '' | TZ=UTC date -d 123 2>&1
--- expected
+++ actual
@@ -1 +1 @@
-date: bad date '123'
+date: bad date '123': No such file or directory
PASS: date -d 1110143115.30
PASS: date -d 111014312015.30
PASS: date Unix time missing @
Bug: http://b/37248982
Test: ran tests
(cherry picked from commit 7ade61cae2)
Change-Id: I4c680da14f3df16dc5a9884071e48f3221ad3b3b
User code on a non-treble device was starting with errno == ENOENT rather
than 0 because of this treble support:
openat(AT_FDCWD, "/property_contexts", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
faccessat(AT_FDCWD, "/system/etc/selinux/plat_property_contexts", R_OK) = -1 ENOENT (No such file or directory)
This caused us to fail some toybox tests by reporting bogus errno values
where errno should have been left unset:
PASS: date -d @0
FAIL: date -d @0x123
echo -ne '' | TZ=UTC date -d @0x123 2>&1
--- expected
+++ actual
@@ -1 +1 @@
-date: bad date '@0x123'
+date: bad date '@0x123': No such file or directory
PASS: date -d 06021234
PASS: date -d 060212341982
FAIL: date -d 123
echo -ne '' | TZ=UTC date -d 123 2>&1
--- expected
+++ actual
@@ -1 +1 @@
-date: bad date '123'
+date: bad date '123': No such file or directory
PASS: date -d 1110143115.30
PASS: date -d 111014312015.30
PASS: date Unix time missing @
Bug: http://b/37248982
Test: ran tests
Change-Id: Iacf08c89dbe207ec53a7837e6ac7f78f5541ef35
libcxx provides const-correct overloads for a few string.h functions.
These overloads use clang's enable_if attribute, so they're preferred
over our FORTIFY'ed equivalents.
This weakens _FORTIFY_SOURCE=2 when used with some of these functions,
since clang needs to see __pass_object_size in order to pass an accurate
result for __builtin_object_size(s, 1) at a callsite. Since those
functions don't have __pass_object_size on their params, clang can't do
that. This makes LLVM lower the __builtin_object_size calls, which means
we get the same result as __builtin_object_size(s, 0).
We have to provide all of the overloads in Bionic, since enable_if is
only used to disambiguate overloads with (otherwise) the same type. In
other words:
// overload 1
char *strchr(const char *, int s) __attribute__((enable_if(1, "")));
// overload 2
char *strchr(char *, int s);
void foo() {
char cs[1] = {};
strchr(static_cast<const char *>(cs), '\0'); // calls overload #1.
strchr(cs, '\0'); // calls overload #2.
}
Bug: 34747525
Test: m checkbuild on bullhead internal master + AOSP. vts -m
BionicUnitTests passes on both. Surprisingly, the only code that this
seems to break is contained in Bionic.
Change-Id: Ie406f42fb3d1c5bf940dc857889876fc39b57c90
