* commit '98f7659d7e3a7d75c68a41299f6ee55d7d35c27b':
Don't fail to run DT_INIT and DT_INIT_ARRAY constructors if a shared library has DT_PREINIT_ARRAY constructors.
The GNU dynamic linker silently ignores a DT_PREINIT_ARRAY section
in a shared library. We had ineffectual code that tried to report
an error, which I tried to fix but got wrong --- my version still
wouldn't report the error to the caller, but would prevent us from
continuing to call constructors.
Bug: 8825226
Change-Id: I4fd8450ecc44d8767a1cb808aeecfbfbfc77c070
get_AT_SECURE() was getting called before linker_env_init() had
been called, and returning the default value ("true"). This was
causing us to reopen closed stdin, stdout, and stderr for ALL
processes, not just privileged (setuid) processes.
Calling path:
- __linker_init
- soinfo_link_image
- get_AT_SECURE
- __linker_init_post_relocation
- linker_env_init
This change restores the intended behavior of only re-opening
stdin, stdout, and stderr for privileged processes.
Change-Id: I8b085ea6597710ac4c1a3c93f1bf8b81eecb08c0
This adds __libc_fatal, cleans up the internal logging code a bit more,
and switches suitable callers over to __libc_fatal. In addition to logging,
__libc_fatal stashes the message somewhere that the debuggerd signal handler
can find it before calling abort.
In the debuggerd signal handler, we pass this address to debuggerd so that
it can come back with ptrace to read the message and present it to the user.
Bug: 8531731
Change-Id: I416ec1da38a8a1b0d0a582ccd7c8aaa681ed4a29
We only need one logging API, and I prefer the one that does no
allocation and is thus safe to use in any context.
Also use O_CLOEXEC when opening the /dev/log files.
Move everything logging-related into one header file.
Change-Id: Ic1e3ea8e9b910dc29df351bff6c0aa4db26fbb58
Still chipping away at the situation where every variable in the
linker was of type 'unsigned'. This patch switches counts over to
being size_t and adds an explicit type for init/fini function pointers
and arrays of function pointers.
Also improve logging from CallArray.
Also remove trailing "\n"s from log messages.
Change-Id: Ie036d2622caac50f4d29f0570888bb527661d77e
There's now only one place where we deal with this stuff, it only needs to
be parsed once by the dynamic linker (rather than by each recipient), and it's
now easier for us to get hold of auxv data early on.
Change-Id: I6314224257c736547aac2e2a650e66f2ea53bef5
Replace a kernel header file dependency with files from NetBSD.
They're more complete, and ELF is ELF, whether you're on Linux or a BSD.
Bug: 7973611
Change-Id: I83ee719e7efdf432ec2ddbe8be271d05b2f558d7
We had two copies of the backtrace code, and two copies of the
libcorkscrew /proc/pid/maps code. This patch gets us down to one.
We also had hacks so we could log in the malloc debugging code.
This patch pulls the non-allocating "printf" code out of the
dynamic linker so everyone can share.
This patch also makes the leak diagnostics easier to read, and
makes it possible to paste them directly into the 'stack' tool (by
using relative PCs).
This patch also fixes the stdio standard stream leak that was
causing a leak warning every time tf_daemon ran.
Bug: 7291287
Change-Id: I66e4083ac2c5606c8d2737cb45c8ac8a32c7cfe8
The linker is essentially a shared library, and incorporates
it's own copy of libc. Even though it's unnecessary, currently
/system/bin/linker is exporting various libc symbols (only to
apps which explicitly dlopen /system/bin/linker)
Add --exclude-libs,ALL, which tells the static linker to mark
all of the imported libc symbols as hidden. This reduces the
size of /system/bin/linker from 92K to 67K with no obvious
loss in functionality.
$ adb shell ls -l /system/bin/linker
-rwxrwxrwx root root 92260 2013-01-16 16:52 linker
$ adb shell ls -l /system/bin/linker
-rwxrwxrwx root root 67660 2013-01-16 16:49 linker
Documentation on exclude-libs can be found at
http://sourceware.org/binutils/docs-2.21/ld/Options.html
Change-Id: I4508287770e4b7a845def2e6b4af969f9c866c6a
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.
Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.
This reverts commit e3a49a8661.
Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.
Bug: 7959813
Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
When executing a setuid executable, filter out ANDROID_PROPERTY_WORKSPACE
from the environment. Some applications implicitly trust the property
space and don't realize that it's passed by an environment variable
which can be modified by the caller.
Change-Id: I3e3a98941f0a1f249a2ff983ecbcfe1278aa9159
This is primarily for MIPS exutables that do not have a
DT_MIPS_RLD_MAP entry.
Change-Id: I4c221d92debcfed961eeee2515123f3fb21ec8e6
Signed-off-by: Chris Dearman <chris@mips.com>
This patch replaces .S versions of x86 crtfiles with .c which are much
easier to support. Some of the files are matching .c version of Arm
crtfiles. x86 files required some cleanup anyway and this cleanup actually
led to matching Arm files.
I didn't change anything to share the same crt*.c between x86 and Arm. I
prefer to keep them separate for a while in case any change is required
for one of the arch, but it's good thing to do in the following patches.
Change-Id: Ibcf033f8d15aa5b10c05c879fd4b79a64dfc70f3
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
If you need to build your own linker to get debugging, the debugging
is never available when you need it.
Change-Id: I5ff7e55753459d49a2990f25d9aa155e0b8602e0
According ELF spec re. DT_SYMBOLIC:
This element's presence in a shared object library alters the dynamic
linker's symbol resolution algorithm for references within the library.
Instead of starting a symbol search with the executable file, the
dynamic linker starts from the shared object itself. If the shared
object fails to supply the referenced symbol, the dynamic linker then
searches the executable file and other shared objects as usual.
This change implements the last part.
Change-Id: Iae95d53d455313a4306f11733941bcd3596ac85f
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
NVIDIA binary blobs construct strings to pass to dlopen(3) that
contain '/' but require that we fall back to LD_LIBRARY_PATH.
Change-Id: Iad831899986baace6962f4b335eeb288250a1e22
We'll need a lot more refactoring of this code before we can reduce
the granularity, but this is a step forward.
Change-Id: I07061720e734b571a8399c1d5b4f2f35cd681307
Request memory from the system when needed instead of having a fixed
array for soinfo structs. Note that malloc() et al can't be used in
linker, so use mmap() instead.
Change-Id: I4b495995931d7752b0e8c944e64d1fe41b9f7144
Also ensure that dlopen(3) errors always include the name of the library we
failed to open.
Also fix a bug where we'd fall back to searching LD_LIBRARY_PATH and the
built-in paths for names that include slashes.
Bug: http://code.google.com/p/android/issues/detail?id=38479
Change-Id: Ib2c009ed083344a7a012749d58f8679db2f26c78
If an executable contain copy relocations, other references
to the symbol it points to should be preempted and made to
point to the copy instead.
Also, the linker should make sure the target area has
sufficient space to contain the copy. It also checks
whether the library that supplies the symbol is built
with -Bsymbolic, and errors out if this is the case.
Change-Id: If135c83590092741cfd8f82f54816f363a4a4a3b
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
I still want to break linker_format out into its own library so we can reuse
it for malloc debugging and so forth. (There are many similar pieces of code
in bionic, but the linker's one seems to be the most complete/functional.)
Change-Id: If3721853d28937c8e821ca1d23cf200e228a409a
error: C99 designator 'name' outside aggregate initializer
G++ 4.7+ can't handle some of C99 designated initializers.
Most likely it's just not implemented yet. Other possible workarounds is
to compile this as C not C++ or define name as char* instead of char[SIZE].
Appeared after this change https://android-review.googlesource.com/#/c/44470
Change-Id: Ib28157848ce759b8bb5dbb2ac0d9a768fa4e5107
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
I gave up trying to use the usual thread-local buffer idiom; calls to
calloc(3) and free(3) from any of the "dl" functions -- which live in
the dynamic linker -- end up resolving to the dynamic linker's stubs.
I tried to work around that, but was just making things more complicated.
This alternative costs us a well-known TLS slot (instead of the
dynamically-allocated TLS slot we'd have used otherwise, so no difference
there), plus an extra buffer inside every pthread_internal_t.
Bug: 5404023
Change-Id: Ie9614edd05b6d1eeaf7bf9172792d616c6361767
Add unit tests for dlerror(3) in various situations. I think We're at least
as good as glibc now.
Also factor out the ScopedPthreadMutexLock and use it here too.
Bug: http://code.google.com/p/android/issues/detail?id=38398
Change-Id: I040938b4366ab836e3df46d1d8055b92f4ea6ed8
Now we use private variables in transform-o-to-executable to support
build executables against the NDK.
Bug: 7170098
Change-Id: I6e505b33001b76f4b11fcbbb1d35392c4ddf4c70
Our debugger signal catcher expects to receive three args, but if
somebody cleared SA_SIGINFO we only get one, and bad things happen
when we try to use the second one. Test to see if SA_SIGINFO is
still set before we try to use the argument.
(cherry-pick of f84bc8d6f6368f1c846124a8168761ee8cc589c0.)
Bug: 7272866
Change-Id: I69a65c25e833aea70acb78f9ba40ed93308583e6
Our debugger signal catcher expects to receive three args, but if
somebody cleared SA_SIGINFO we only get one, and bad things happen
when we try to use the second one. Test to see if SA_SIGINFO is
still set before we try to use the argument.
Bug: 7272866
Change-Id: If682a2262fe8a575f3802fb0c60a53eea3082456
Now we use private variables in transform-o-to-executable to support
build executables against the NDK.
Bug: 7170098
Change-Id: I6e505b33001b76f4b11fcbbb1d35392c4ddf4c70
Currently, linker doesn't update the map->l_addr for execution.
Which could break the Unwind_Backtrace with PT_GNU_EH_FRAME enabled
in new toolchain.
Change-Id: Ifbd853134da64a962f7e4c4105e56a3f20def1b2
Author: Fengwei Yin <fengwei.yin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 57077
Lose the pid, only show the name of the function (not its whole signature),
and include the name of the library we failed to load. (I hadn't noticed
that the library name was missing before because in Java we add that into
the UnsatisfiedLinkError detail message.)
The new output looks like this:
Cannot load library: soinfo_relocate(linker.cpp:968): cannot locate symbol "__libc_malloc_default_dispatch" referenced by "libc_malloc_debug_leak.so"...
Change-Id: I3bb5c9780d9aaf3a9e4418ea55bc98122a81f80f
