Bionic's getauxval(...) implementation returns zero when entries are
missing. Zero can be a valid value, so there is no unambiguous way of
detecting an error. Since glibc 2.19, errno is set to ENOENT when an
entry is missing to make it possible to detect this. Bionic should match
this behavior as code in the Linux ecosystem will start relying on it to
check for the presence of newly added entries.
Change-Id: Ic1efe29bc45fc87489274c96c4d2193f3a7b8854
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
1. Move the representation of thread join_state from pthread.attr.flag
to pthread.join_state. This clarifies thread state change.
2. Use atomic operations for pthread.join_state. So we don't need to
protect it by g_thread_list_lock. g_thread_list_lock will be reduced
to only protect g_thread_list or even removed in further changes.
Bug: 19636317
Change-Id: I31fb143a7c69508c7287307dd3b0776993ec0f43
Make this change because I think it is more reasonable to check stack info
in pthread_getattr_np. I believe pthread_attr_t is not tied with any thread,
and can't have a flag saying who using it is the main thread.
This change also helps refactor of g_thread_list_lock.
Bug: 19636317
Change-Id: Iedbb85a391ac3e1849dd036d01445dac4bc63db9
The kernel system call faccessat() does not have any flags arguments,
so passing flags to the kernel is currently ignored.
Fix the kernel system call so that no flags argument is passed in.
Ensure that we don't support AT_SYMLINK_NOFOLLOW. This non-POSIX
(http://pubs.opengroup.org/onlinepubs/9699919799/functions/access.html)
flag is a glibc extension, and has non-intuitive, error prone behavior.
For example, consider the following code:
symlink("foo.is.dangling", "foo");
if (faccessat(AT_FDCWD, "foo", R_OK, AT_SYMLINK_NOFOLLOW) == 0) {
int fd = openat(AT_FDCWD, "foo", O_RDONLY | O_NOFOLLOW);
}
The faccessat() call in glibc will return true, but an attempt to
open the dangling symlink will end up failing. GLIBC documents this
as returning the access mode of the symlink itself, which will
always return true for any symlink on Linux.
Some further discussions of this are at:
* http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003617.html
* http://permalink.gmane.org/gmane.linux.lib.musl.general/6952
AT_SYMLINK_NOFOLLOW seems broken by design. I suspect this is why this
function was never added to POSIX. (note that "access" is pretty much
broken by design too, since it introduces a race condition between
check and action). We shouldn't support this until it's clearly
documented by POSIX or we can have it produce intuitive results.
Don't support AT_EACCESS for now. Implementing it is complicated, and
pretty much useless on Android, since we don't have setuid binaries.
See http://git.musl-libc.org/cgit/musl/commit/?id=0a05eace163cee9b08571d2ff9d90f5e82d9c228
for how an implementation might look.
Bug: 18867827
Change-Id: I25b86c5020f3152ffa3ac3047f6c4152908d0e04
The overflow's actually in the generic C implementation of memchr.
While I'm here, let's switch our generic memrchr to the OpenBSD version too.
Bug: https://code.google.com/p/android/issues/detail?id=147048
Change-Id: I296ae06a1ee196d2c77c95a22f11ee4d658962da
The .note.android.ident section is only used by GDB, which doesn't
care what section type the section is, but it would be convenient
for readelf -n to be able to find the section too.
The old way of getting the .note.android.ident section to be of type
SH_NOTE involved compiling from .c to .s using gcc, running sed to
change progbits to note, and then compiling from .s to .o using gcc.
Since crtbrand.c only contains a section containing data, a
crtbrand.S can be checked in that will compile on all platforms,
avoiding the need for sed.
Also add crtbrand.o to crtbegin_so.o so that libraries also get
the note, and to the crt workaround in arm libc.so.
Change-Id: Ica71942a6af4553b56978ceaa288b3f4c15ebfa2
crtbrand.c was compiled to a .s file, run through a sed script
to translate a %progbits to %note, and the compiled to .o.
However, when the sed command was copied from the original source
it was not updated to use the new name of the section (.note.ABI-tag
to .note.android.ident), so it didn't modify the file. Since the
section has been generated with type %progbits instead of %note for
two years, just delete the whole sed step.
Change-Id: Id78582e9b43b628afec4eed22a088283132f0742
In https://android-review.googlesource.com/#/c/127908/5/libc/SYSCALLS.TXT@116
Elliott said:
for LP64 these will be hidden. for LP32 we were cowards and left
them all public for compatibility (though i don't think we ever
dremeled to see whether it was needed). we don't have an easy
way to recognize additions, though, so we can't prevent adding
new turds.
Add a mechanism to prevent the adding of new turds, and use that
mechanism on the fchmod/fchmodat system calls.
Bug: 19233951
Change-Id: I98f98345970b631a379f348df57858f9fc3d57c0
Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.
There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.
Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".
Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.
This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.
As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.
The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.
Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
Don't send the trailing NUL bytes to the logger, call strlen if we already
know the length, or cast more specifically than we need to.
Change-Id: I68c9388a22bddea49120a1022dda8db8991360c1
Move various mips-only things into the arch-mips directory. As soon as mips
writes assembler replacements, we can remove these.
Change-Id: Ia7308559bc361f5c8df3e1d456b381865e060b93
Interestingly, this mostly involves cleaning up our implementation of
various <string.h> functions.
Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
If pthread_detach() is called while the thread is in pthread_exit(),
it takes the risk that no one can free the pthread_internal_t.
So I add PTHREAD_ATTR_FLAG_ZOMBIE to detect this, maybe very rare, but
both glibc and netbsd libpthread have similar function.
Change-Id: Iaa15f651903b8ca07aaa7bd4de46ff14a2f93835
<signal.h> shouldn't get you the contents of <errno.h>, and <fcntl.h>
shouldn't get you the contents of <unistd.h>.
Change-Id: I347499cd8671bfee98e6b8e875a97cab3a3655d3
Found by the toybox id(1) which calls both getpwuid(3) and getgrgid(3) before
looking at either result. The use of a shared buffer in this code meant that
even on a single thread, the data for any of the passwd functions would be
clobbered by the data for any of the group functions (or vice versa).
This might seem like an insufficient fix, but POSIX explicitly says (for
getpwnam) that the result "might be overwritten by a subsequent call to
getpwent(), getpwnam(), or getpwuid()" and likewise for other members of
that group, plus equivalent text for the group-related functions.
Change-Id: I2272f47e91f72e043fdaf7c169fa9f6978ff4370
Several cache related queries are added, such as
_SC_LEVEL1_DCACHE_LINESIZE, _SC_LEVEL1_DCACHE_SIZE and etc. For the
moment, we always return 0 for these queries.
Change-Id: I36f67af8128672d8c1eef49d6f2431cca5a94719
Based on the package/apps/Terminal implementation. I'll switch them over
shortly. This also lets us build the toybox version of netcat.
Change-Id: Ia922a100141a67409264b43b937eeca07b21f344
Unfortunately, this change provokes random crashes for ART, and
I have seen libc crashes on the device that might be related to it.
Reverting it fixes the ART crashes. there is unfortunately no
stack trace for the crashes, but just a "Segmentation fault" message.
This reverts commit cc5f6543e3.
Change-Id: I68dca8e1e9b9edcce7eb84596e8db619e40e8052
POSIX specifies that pthread_kill(3) and pthread_sigmask(3) are
supposed to live in signal.h rather than pthread.h.
Since signal.h now needs pthread_t and pthread_attr_t, I've moved
those defintions into include/machine/pthread_types.h to keep the
namespace clean. I also sorted some includes. The combination of these
two things seems to have exploded into a cascade of missing includes,
so this patch also cleans up all those.
Change-Id: Icfa92a39432fe83f542a797e5a113289d7e4ad0c
stdin/stdout/stderr are special; their mutexes are initialized by
__sinit. There's no unit test for this, because __sinit has already
been called by the time the first unit test runs, but you could
reproduce this failure with a trivial main() that calls flockfile
or ftrylockfile on one of the standard streams before otherwise
using stdio.
Bug: 18208568
Change-Id: I28d232cf05a9f198a2bed61854d8047b23d2091d
On LP32, this makes no difference. Not an ABI change.
On LP64, results are going to be in %rax or x0 whether they're 32- or 64-bit,
and the only difference is going to be whether the top bits are clobbered.
Bug: 18390956
Change-Id: I0bd4496231bdded34c1fa03e895021ac0df7f8e1
This catches one trivial difference between us and glibc --- the error
returned by pthread_setname_np for an invalid pthread_t.
Change-Id: If4c21e22107c6488333d11184f8005f8669096c2
change to behaviour the same as glibc for the check about buflen
Change-Id: I98265a8fe441df6fed2527686f89b087364ca53d
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Strictly speaking, this only implements the _l variants of the functions
we actually have. We're still missing nl_langinfo_l, for example, but we
don't have nl_langinfo either.
Change-Id: Ie711c7b04e7b9100932a13f5a5d5b28847eb4c12
When setting a repeat timer using the SIGEV_THREAD mechanism, it's possible
that the callback can be called after the timer is disarmed or deleted.
This happens because the kernel can generate signals that the timer thread
will continue to handle even after the timer is supposed to be off.
Add two new tests to verify that disarming/deleting doesn't continue to
call the callback.
Modify the repeat test to finish more quickly than before.
Refactor the Counter implementation a bit.
Bug: 18039727
(cherry pick from commit 0724132c32)
Change-Id: I135726ea4038a47920a6c511708813b1a9996c42
Add the missing prototypes, fix the existing prototypes to use clockid_t
rather than int, fix clock_nanosleep's failure behavior, and add simple
tests.
Bug: 17644443
Bug: https://code.google.com/p/android/issues/detail?id=77372
Change-Id: I03fba369939403918abcabae9551a7123953d780
Signed-off-by: Haruki Hasegawa <h6a.h4i.0@gmail.com>
valgrind seems to mess with the stack enough that the kernel will
report "[stack:pid]" rather than "[stack]" in /proc/self/maps, so
switch to the task-specific file instead to force "[stack]". (There
are two conditions in the kernel code that decides which form to
output.)
Bug: 17897476
Change-Id: Iff85ceb6d52e8716251fab4e45d95a27184c5529
It turns out that appportable has a version that calls dlmalloc directly.
Re-add the dlmalloc symbol for 32 bit only as a compatibility shim that
calls malloc.
Bug: 17881362
(cherry pick commit from c9734d24d9)
Change-Id: Iee9a777f66a1edb407d7563a60792b767ac4f83a
__open_2() is used by the fortify implementation of open(2) in
fcntl.h, and as such needs an unmangled C name. For some reason
(inlining?), this doesn't cause problems at the default optimization
level, but does for -O0.
The rest of these didn't cause build failures, but they look suspect
and probably will, we just haven't caught them yet.
Bug: 17784968
Change-Id: I7391a7a8999ee204eaf6abd14a3d5373ea419d5b
This library calls pthread_mutex_lock and pthread_mutex_unlock with a NULL
pthread_mutex_t*. This gives them (and their users) one release to fix things.
Bug: 17443936
Change-Id: I3b63c9a3dd63db0833f21073e323b3236a13b47a
At -O0, the attribute warning on sprintf is actually triggered (why
doesn't this happen with -Os?!) and promoted to an error by -Werror.
asctime64_r() is a non-standard function, but the IBM docs state that
the buffer is assumed to be at least 26 characters wide, and the
format string does limit to that (assuming a 4 digit year, also
defined by the IBM docs).
http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.bpxbd00/asctimer.htm
Change-Id: I1c884474a769aa16c53e985c3d8d694c478c1189
Unlike times(), clock_gettime() is implemented as a vDSO on many architectures.
So, using clock_gettime() will return a more accurate time and do so with less
overhead because it does have the overhead of calling into the kernel.
It is also significantly more accurate because it measures the actual time in
nanoseconds rather than the number of ticks (typically 1 millisecond or more).
Bug: 17814435
Change-Id: Id4945d9f387330518f78669809639952e9227ed9
strtoll(3), strtoull(3), wcstoll(3), and wcstoull(3) all take an _int_
as a base, not a size_t. This is an ABI compatibility issue.
Bug: 17628622
Change-Id: I17f8eead34ce2112005899fc30162067573023ec
The debuggerd case can probably never happen, because you're crashing at this
point anyway. The system property one seems possible though.
Change-Id: Idba6a4f1d68587ec5b320d1e25f0b6a987ea32a0
fpathconf(3) and pathconf(3) can share code. There's no such
header file as <pathconf.h>. glibc/POSIX and BSD disagree about where
the _POSIX_* definitions should go.
Change-Id: I4a67f1595c9f5fbb26700a131178eedebd6bf712
gdb was happy with what we had, but libgcc and libunwind weren't.
libgcc is happy with the kernel's restorer (because of the extra nop),
though libunwind looks like it's going to need code changes regardless.
We could make our restorer more like the kernel's one, but why bother
when we can just let the kernel supply the canonical one?
Bug: 17436734
Change-Id: I330fa5e68f23b1cf8133aa552896657b0b873ed3
* LP32 should use sa_restorer too. gdb expects this, and future (>= 3.15) x86
kernels will apparently stop supporting the case where SA_RESTORER isn't
set.
* gdb and libunwind care about the exact instruction sequences, so we need to
modify the code slightly in a few cases to match what they're looking for.
* gdb also cares about the exact function names (for some architectures),
so we need to use __restore and __restore_rt rather than __sigreturn and
__rt_sigreturn.
* It's possible that we don't have a VDSO; dl_iterate_phdr shouldn't assume
that getauxval(AT_SYSINFO_EHDR) will return a non-null pointer.
This fixes unwinding through a signal handler in gdb for all architectures.
It doesn't fix libunwind for arm and arm64. I'll keep investigating that...
Bug: 17436734
Change-Id: Ic1ea1184db6655c5d96180dc07bcc09628e647cb
Also remove a reference to it and two other files that have already
been removed in a script --- these files were problematic because they
weren't UTF-8.
Change-Id: Ibf597bac1903c34d8d0fe0a09615c42f24d4f23d
A lot of third-party code calls the private __get_thread symbol,
often as part of a backport of bionic's pthread_rwlock implementation.
Hopefully this will go away for LP64 (since you're guaranteed the
real implementation there), but there are still APIs that take a tid
and no way to convert between a pthread_t and a tid. pthread_gettid_np
is a public API for that. To aid the transition, make __get_thread
available again for LP32.
(cherry-pick of 27efc48814b8153c55cbcd0af5d9add824816e69.)
Bug: 14079438
Change-Id: I43fabc7f1918250d31d4665ffa4ca352d0dbeac1
The use of the .hidden directive to avoid going via the PLT for
__set_errno had the side-effect of actually making __set_errno
hidden (which is odd because assembler directives don't usually
affect symbols defined in a different file --- you can't even
create a weak reference to a symbol that's defined in a different
file).
This change switches the system call stubs over to a new always-hidden
__set_errno_internal and has a visible __set_errno on LP32 just for
binary compatibility with old NDK apps.
(cherry-pick of 7efad83d430f4d824f2aaa75edea5106f6ff8aae.)
Bug: 17423135
Change-Id: I6b6d7a05dda85f923d22e5ffd169a91e23499b7b
This was in <stdlib.h> in older releases. It's no longer used, but we can
preserve backwards compatibility by making it a no-op.
(cherry-pick of 51c8355d5cf4b83ccd2ad250ca4c61a616356c2b.)
Bug: 16205834
Change-Id: Idde7b46df4f253e39675600bcf82352879a716e7
The current arc4random implementation stirs itself as needed, but we
need to keep an arc4random_stir symbol around for binary compatibility.
(cherry-pick of 1e010d60397db706cd3d1c4d5701a2bced441aa8.)
Bug: 17291075
Change-Id: Iaf6171c3ec65c39c1868364d5b35ea280e29a363
We already had the POSIX strerror_r, but some third-party code defines
_GNU_SOURCE and expects to get the GNU strerror_r instead.
This exposed a bug in the libc internal logging functions where unlike
their standard brethren they wouldn't return the number of bytes they'd
have liked to have written.
Bug: 16243479
Change-Id: I1745752ccbdc569646d34f5071f6df2be066d5f4
...rather than just what's already mapped in. This seems somewhat
contrary to POSIX's "All pages within the stack described by stackaddr
and stacksize shall be both readable and writable by the thread", but
it's what glibc does.
Bug: 17111575
Change-Id: If9e2dfad9a603c0d0615a8123aacda4946e95b2c
