Commit graph

98 commits

Author SHA1 Message Date
Nick Kralevich
35778253a5 Fix "faccessat ignores flags"
The kernel system call faccessat() does not have any flags arguments,
so passing flags to the kernel is currently ignored.

Fix the kernel system call so that no flags argument is passed in.

Ensure that we don't support AT_SYMLINK_NOFOLLOW. This non-POSIX
(http://pubs.opengroup.org/onlinepubs/9699919799/functions/access.html)
flag is a glibc extension, and has non-intuitive, error prone behavior.

For example, consider the following code:

  symlink("foo.is.dangling", "foo");
  if (faccessat(AT_FDCWD, "foo", R_OK, AT_SYMLINK_NOFOLLOW) == 0) {
    int fd = openat(AT_FDCWD, "foo", O_RDONLY | O_NOFOLLOW);
  }

The faccessat() call in glibc will return true, but an attempt to
open the dangling symlink will end up failing. GLIBC documents this
as returning the access mode of the symlink itself, which will
always return true for any symlink on Linux.

Some further discussions of this are at:

  * http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003617.html
  * http://permalink.gmane.org/gmane.linux.lib.musl.general/6952

AT_SYMLINK_NOFOLLOW seems broken by design. I suspect this is why this
function was never added to POSIX. (note that "access" is pretty much
broken by design too, since it introduces a race condition between
check and action). We shouldn't support this until it's clearly
documented by POSIX or we can have it produce intuitive results.

Don't support AT_EACCESS for now. Implementing it is complicated, and
pretty much useless on Android, since we don't have setuid binaries.
See http://git.musl-libc.org/cgit/musl/commit/?id=0a05eace163cee9b08571d2ff9d90f5e82d9c228
for how an implementation might look.

Bug: 18867827
Change-Id: I25b86c5020f3152ffa3ac3047f6c4152908d0e04
2015-02-24 13:40:43 -08:00
Nikola Veljkovic
daf8911079 [MIPS64] Fix mips64 build.
Build was broken by:
https://android-review.googlesource.com/133834

Use <unistd.h> to get syscall().
Remove <asm/unistd.h>, it gets included through <sys/syscall.h>.

Change-Id: Id762f6dea5f9538c19b79cdd46deda978efd50fe
2015-02-23 16:21:31 +01:00
Elliott Hughes
41ef902379 Fix memchr overflow.
The overflow's actually in the generic C implementation of memchr.

While I'm here, let's switch our generic memrchr to the OpenBSD version too.

Bug: https://code.google.com/p/android/issues/detail?id=147048
Change-Id: I296ae06a1ee196d2c77c95a22f11ee4d658962da
2015-02-14 13:21:22 -08:00
Nick Kralevich
00490ae3f3 Ensure raw fchmod/fchmodat syscalls are hidden.
In https://android-review.googlesource.com/#/c/127908/5/libc/SYSCALLS.TXT@116
Elliott said:

  for LP64 these will be hidden. for LP32 we were cowards and left
  them all public for compatibility (though i don't think we ever
  dremeled to see whether it was needed). we don't have an easy
  way to recognize additions, though, so we can't prevent adding
  new turds.

Add a mechanism to prevent the adding of new turds, and use that
mechanism on the fchmod/fchmodat system calls.

Bug: 19233951
Change-Id: I98f98345970b631a379f348df57858f9fc3d57c0
2015-02-03 12:10:30 -08:00
Nick Kralevich
3cbc6c627f Add fchmodat(AT_SYMLINK_NOFOLLOW) and fchmod O_PATH support
Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.

There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.

Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".

Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.

This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.

As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.

The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.

Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
2015-02-02 13:17:17 -08:00
Raghu Gandham
86d2feef9f Modify MIPS64 stat structure to match a generic one in AOSP.
The kernel version of the stat structure is used during the syscalls. After the syscall,
the kernel stat structure is converted to match the generic one. Eventually we would like
the generic stat structure and related syscalls be added to MIPS64 kernel, removing the
thunks added to AOSP.

Change-Id: I7764e80278c1cc8254754c3531ec2dda7544a8ec
2015-01-28 16:12:17 -08:00
Elliott Hughes
e6099098a5 Fix mips build.
Move various mips-only things into the arch-mips directory. As soon as mips
writes assembler replacements, we can remove these.

Change-Id: Ia7308559bc361f5c8df3e1d456b381865e060b93
2015-01-27 11:09:27 -08:00
Elliott Hughes
76f8916b90 Clean up <stdlib.h> slightly.
Interestingly, this mostly involves cleaning up our implementation of
various <string.h> functions.

Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
2015-01-26 14:28:41 -08:00
Duane Sand
50a3c6949b [MIPS] Add sgidefs.h for mips64
Sgidefs.h is needed by strace.
Replaced now-duplicate arch-mips64/include directory
by symlink to arch-mips/include.

Change-Id: I7808602cfa452eca3ffbdb94903f4c5bdb33efa3
2014-12-12 16:25:36 -08:00
Yabin Cui
94926f8cfa Merge "support _POSIX_REALTIME_SIGNALS" 2014-12-09 20:10:19 +00:00
Yabin Cui
634816055f support _POSIX_REALTIME_SIGNALS
Bug: 18489947
Change-Id: I2e834d68bc10ca5fc7ebde047b517a3074179475
2014-12-08 21:52:43 -08:00
Elliott Hughes
d27ae2f8d7 Merge mips setjmp/longjmp family.
Bug: 16918359
Change-Id: I9033a7d178d431ddb09f1cfa6e4bf95ae02346e9
2014-12-08 17:07:53 -08:00
Elliott Hughes
2fecbfaeee Switch arch-mips64/include/machine to a symlink.
Imagination already did the work to make the contents of these directories
identical. Let's take advantage of that fact.

Change-Id: Ib101ba39041fb500c9c618fa2020e72aa2ccd9c2
2014-12-08 16:48:34 -08:00
Elliott Hughes
b514026eb2 Kill <machine/exec.h>.
Bug: 18546535
Change-Id: I479e003deab21e31eb5caa5393067ed1dc558387
2014-12-02 16:16:29 -08:00
Duane Sand
3a4786348e [MIPS] Rewrite of setjmp/longjmp for mips64 and mipsr6
Change-Id: Idcd13413520dd503bc9cf782553675313e500a83
2014-11-25 17:33:10 -08:00
Elliott Hughes
ee369fb319 Bring our <machine/endian.h> files back in sync.
They'd drifted slightly which led to a compilation error in toybox,
which was assuming pid_t was defined. arm and arm64 were picking it
up via <endian.h> but x86 wasn't.

Change-Id: I58401e6c0066959dfc3b305b020876aaf7074bbf
2014-11-21 18:34:36 -08:00
Dmitriy Ivanov
4ae178f81d Mips: remove arch-specific atexit.h
Change-Id: I687ff4ead6c5e81db44782bf851cb84f87bfe085
2014-11-21 14:42:53 -08:00
Dmitriy Ivanov
e3e8d15f23 Mips: Remove unused files
Change-Id: If98b832ee32f6dcd9f5d7ae21c601c210adfad6b
2014-11-21 14:29:43 -08:00
Dmitriy Ivanov
c619603a31 Mips: Reuse atexit.h from libc/arch-common
Change-Id: Ica1670e6d3d1b6b0c64df93720efa65586e67727
2014-11-21 13:07:36 -08:00
Elliott Hughes
b86a4c7f65 Add sethostname(2).
Not very useful, but helps building stuff like toybox out of the box.

Change-Id: I110e39030452bd093a84278e019c5752d293718d
2014-11-07 16:48:27 -08:00
Haruki Hasegawa
1816025684 Add clock_settime and clock_nanosleep.
Add the missing prototypes, fix the existing prototypes to use clockid_t
rather than int, fix clock_nanosleep's failure behavior, and add simple
tests.

Bug: 17644443
Bug: https://code.google.com/p/android/issues/detail?id=77372
Change-Id: I03fba369939403918abcabae9551a7123953d780
Signed-off-by: Haruki Hasegawa <h6a.h4i.0@gmail.com>
2014-10-13 17:04:10 -07:00
Andrew Hsieh
b0c0037370 Remove arch-mips64/bionic/__get_sp.S
__get_sp.S doesn't exist

Change-Id: Id84f8904c8022c683263a317a18fabeb50fed992
2014-09-30 07:55:32 +08:00
Elliott Hughes
7c02d9428c Clean up the architecture-specific makefiles.
Group things appropriately and name each group.

Change-Id: I0da45eb0ccde19c31d5e984d0e6eb3dad26630dc
2014-09-16 19:06:31 -07:00
Elliott Hughes
b587f339db Add posix_fadvise(3).
(cherry-pick of 00008263782e484020420c606f7d145fe7d0a4d8.)

Bug: 12449798
Change-Id: I07cbf3f670a0d1304b68148325a774f266b5c433
2014-09-11 08:45:46 -07:00
Elliott Hughes
011e111d29 Ensure __set_errno is still visible on LP32.
The use of the .hidden directive to avoid going via the PLT for
__set_errno had the side-effect of actually making __set_errno
hidden (which is odd because assembler directives don't usually
affect symbols defined in a different file --- you can't even
create a weak reference to a symbol that's defined in a different
file).

This change switches the system call stubs over to a new always-hidden
__set_errno_internal and has a visible __set_errno on LP32 just for
binary compatibility with old NDK apps.

(cherry-pick of 7efad83d430f4d824f2aaa75edea5106f6ff8aae.)

Bug: 17423135
Change-Id: I6b6d7a05dda85f923d22e5ffd169a91e23499b7b
2014-09-08 16:46:50 -07:00
Dmitriy Ivanov
4b41555ba5 Revert "Register __libc_fini as early as possible."
This reverts commit e880c736d6.

Change-Id: Ide83e442eb5dbfef5298a15bc602c3fe1dda1862
2014-09-04 21:54:34 +00:00
Dmitriy Ivanov
e880c736d6 Register __libc_fini as early as possible.
We want __libc_fini to be called after all the destructors.

Bug: 14611536
Change-Id: Ibb83a94436795ec178fd605fa531ac29608f4a3e
2014-09-03 15:27:29 -07:00
Chris Dearman
296895f1a9 MIPS64 syscall() arguments
The seventh argument for syscall is passed in a register, not on the stack

Change-Id: Idb69fac77d1f710cff5a3ab4ae1259feb61ae69d
2014-09-02 12:41:01 -07:00
Elliott Hughes
57b7a6110e Fix pthread_getattr_np for the main thread.
On most architectures the kernel subtracts a random offset to the stack
pointer in create_elf_tables by calling arch_align_stack before writing
the auxval table and so on. On all but x86 this doesn't cause a problem
because the random offset is less than a page, but on x86 it's up to two
pages. This means that our old technique of rounding the stack pointer
doesn't work. (Our old implementation of that technique was wrong too.)

It's also incorrect to assume that the main thread's stack base and size
are constant. Likewise to assume that the main thread has a guard page.
The main thread is not like other threads.

This patch switches to reading /proc/self/maps (and checking RLIMIT_STACK)
whenever we're asked.

Bug: 17111575
Signed-off-by: Fengwei Yin <fengwei.yin@intel.com>
Change-Id: I1d4dbffe7bc7bda1d353c3a295dbf68d29f63158
2014-08-26 10:36:38 -07:00
Dan Albert
47793d6a29 Remove _flush_cache(2) for mips64.
Also remove declaration.

The only user is compiler-rt, and they can replace that call with one to
syscall(2). compiler-rt doesn't currently build on mips64 anyway.

Bug: 11156955
Change-Id: Ieae0ba49c8e7aa50253401fc1d7c2d17bc867d39
2014-08-21 13:32:37 -07:00
Elliott Hughes
0e7f8a9e52 Simplify _ALIGN_TEXT.
Bug: 16872067
Change-Id: I2b622f252c21ce1b344c040f828ab3f4bf9b6c0a
2014-08-20 13:11:58 -07:00
Dan Albert
bc9f9f25bf Make __set_errno hidden in asm.
This fixes the build after the -Bsymbolic change.

Bug: 16853291
Change-Id: I989c9fec3c32e0289ea257a3bd2b7fd2709b6ce2
2014-08-08 15:35:47 -07:00
Dan Albert
6a918870ba Revert "Replaces vfork() implementation with fork()"
We're getting cold feet on this one... let's put it back.

This reverts commit 210331d976.

Change-Id: I6b0d3c2b1dbf7f1dc9566979a91b7504c2189269
2014-08-05 14:11:38 -07:00
Elliott Hughes
79310994d2 Implement <sys/fsuid.h>.
Change-Id: I1e5e50444a1b5a430ba5b5d9b8b1d91219af5e92
2014-07-30 15:19:29 -07:00
Duane Sand
dd37251c47 [MIPSR6] setjmp supports mips32r6 and FP64A/FPXX reg models
Save and restore floating point registers via 64-bit
load/stores when possible.  Use assembler's builtin macro
ops to generate pairs of 32-bit load/stores on Mips I cpus.

Some cpus or FR modes have only 16 even-numbered dp fp regs.
This is exposed by _MIPS_FPSET, defined by existing compilers.

Change-Id: I7f617a3ffea8da41c402ef3a68ab32c91d3d7622
2014-07-23 13:57:30 -07:00
Elliott Hughes
3f525d41c2 Add splice, tee, and vmsplice.
Change-Id: I5f43380b88d776a8bb607b47dbbc5db5a2fe6163
2014-06-24 19:03:31 -07:00
Elliott Hughes
7086ad6919 Cache getpid.
In practice, with this implementation we never need to make a system call.
We get the main thread's tid (which is the same as our pid) back from
the set_tid_address system call we have to make during initialization.
A new pthread will have the same pid as its parent, and a fork child's
main (and only) thread will have a pid equal to its tid, which we get for
free from the kernel before clone returns.

The only time we'd actually have to make a getpid system call now is if
we take a signal during fork and the signal handler calls getpid. (That,
or we call getpid in the dynamic linker while it's still dealing with its
own relocations and hasn't even set up the main thread yet.)

Bug: 15387103
Change-Id: I6d4718ed0a5c912fc75b5f738c49a023dbed5189
2014-06-20 09:06:57 -07:00
Dan Albert
f87ac523a1 Merge "Remove ioprio_get(2) and ioprio_set(2) from LP64." 2014-06-12 03:32:07 +00:00
Dan Albert
607341e226 Remove ioprio_get(2) and ioprio_set(2) from LP64.
Bug: 11156955
Change-Id: I07b596d85e4bd6347d488d1a92c8d0a00b5ef3b3
2014-06-12 18:10:13 -07:00
Elliott Hughes
24614b4729 Remove __memcmp16 from bionic.
Change-Id: I2486d667d96c8900dd368d855f37c1327161efb7
2014-06-12 15:35:22 -07:00
Dan Albert
440bd6bcc3 Merge "Replaces vfork() implementation with fork()" 2014-06-10 22:08:45 +00:00
Dan Albert
210331d976 Replaces vfork() implementation with fork()
vfork() was removed from POSIX 2008, so this replaces its implementation
with a call to fork().

Bug: 13935372
Change-Id: I6d99ac9e52a2efc5ee9bda1cab908774b830cedc
2014-06-10 21:38:52 -07:00
Elliott Hughes
1c60f8080a Merge "Rename __bionic_clone_entry to __start_thread." 2014-06-06 22:24:44 +00:00
Elliott Hughes
ebc8cd117a Rename __bionic_clone_entry to __start_thread.
This seems a bit less obscure.

Change-Id: I7dc528c253b73c861694f67556ad8f919bf92136
2014-06-06 15:18:54 -07:00
Elliott Hughes
3d5cb30d23 Remove getdents from bionic.
Bug: 11156955
Change-Id: I6c306989801be552d85fba8a50dcdc79282fb9d2
2014-06-06 15:05:58 -07:00
Dan Albert
40fca0f08b Removes index() from bionic.
This function has been removed from POSIX.

Unfortunately, we can't leave #define index(a, b) strchr((a), (b)) in its place
because defining a preprocessor macro for index() breaks a whole lot of code.

Bug: 13935372
Change-Id: Ifda348acde06da61c12e7ee2f8fe6950a3174dd1
2014-06-05 11:05:10 -07:00
Dan Albert
ce9ce28e5d Removes bcopy and bzero from bionic.
These symbols are still defined for LP32 for binary compatibility, but
the declarations have been replaced with the POSIX recommended #defines.

Bug: 13935372
Change-Id: Ief7e6ca012db374588ba5839f11e8f3a13a20467
2014-06-03 17:22:07 -07:00
Elliott Hughes
5d9a7ba0dc Avoid a system call in 'gettid'.
System calls can be pretty slow. This is mako, which has one of our
lowest latencies:

                       iterations      ns/op
  BM_unistd_getpid       10000000        209
  BM_unistd_gettid      200000000          8

Bug: 15297299 (kernel panic from too many gettid calls)
Bug: 15315766 (excessive gettid overhead in liblogd)
Change-Id: I49656c0fc5b5d092390264a59e4f2c0d8a8b1aeb
2014-06-02 10:32:55 -07:00
Elliott Hughes
fae42a837a Merge "Revert "Revert "Lose the hand-written futex assembler.""" 2014-05-29 03:13:23 +00:00
Elliott Hughes
b30aff405a Revert "Revert "Lose the hand-written futex assembler.""
The problem with the original patch was that using syscall(3) means that
errno can be set, but pthread_create(3) was abusing the TLS errno slot as
a pthread_mutex_t for the thread startup handshake.

There was also a mistake in the check for syscall failures --- it should
have checked against -1 instead of 0 (not just because that's the default
idiom, but also here because futex(2) can legitimately return values > 0).

This patch stops abusing the TLS errno slot and adds a pthread_mutex_t to
pthread_internal_t instead. (Note that for LP64 sizeof(pthread_mutex_t) >
sizeof(uintptr_t), so we could potentially clobber other TLS slots too.)

I've also rewritten the LP32 compatibility stubs to directly reuse the
code from the .h file.

This reverts commit 75c55ff84e.

Bug: 15195455
Change-Id: I6ffb13e5cf6a35d8f59f692d94192aae9ab4593d
2014-05-28 18:31:15 -07:00